Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
PCPrivacyShieldSetup.exe

Overview

General Information

Sample name:PCPrivacyShieldSetup.exe
Analysis ID:1545595
MD5:36e634c5cd1d301df846df0d28f0db50
SHA1:1daa5039a206eac01555c0554bc0772e477a9dca
SHA256:681b61911a4e840540afad0f05af5669140e86d7c9d8a1377d50483d4e5d2352
Tags:exeuser-MaxMax66
Infos:

Detection

Score:34
Range:0 - 100
Whitelisted:false
Confidence:0%

Compliance

Score:36
Range:0 - 100

Signatures

Multi AV Scanner detection for dropped file
.NET source code references suspicious native API functions
Installs Task Scheduler Managed Wrapper
PE file contains section with special chars
PE file has nameless sections
Tries to harvest and steal browser information (history, passwords, etc)
Abnormal high CPU Usage
Adds / modifies Windows certificates
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks for available system drives (often done to infect USB drives)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to read the PEB
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates COM task schedule object (often to register a task for autostart)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected non-DNS traffic on DNS port
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
EXE planting / hijacking vulnerabilities found
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Launches processes in debugging mode, may be used to hinder debugging
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains sections with non-standard names
PE file does not import any functions
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Process Tree

  • System is w10x64
  • PCPrivacyShieldSetup.exe (PID: 7256 cmdline: "C:\Users\user\Desktop\PCPrivacyShieldSetup.exe" MD5: 36E634C5CD1D301DF846DF0D28F0DB50)
    • PCPrivacyShieldSetup.exe (PID: 7580 cmdline: "C:\Users\user\Desktop\PCPrivacyShieldSetup.exe" /i "C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\PCPrivacyShield.msi" /L*v "C:\Users\user\AppData\Roaming\\PC Privacy Shield\PC Privacy Shield 4.9.8\install\installlog.txt" AI_EUIMSI=1 APPDIR="C:\Program Files (x86)\PC Privacy Shield" SHORTCUTDIR="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Privacy Shield" SECONDSEQUENCE="1" CLIENTPROCESSID="7256" AI_MORE_CMD_LINE=1 MD5: 36E634C5CD1D301DF846DF0D28F0DB50)
  • msiexec.exe (PID: 7368 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 7424 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 6D9D21CE130F74F78C1DEE127FBFAB9C C MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • PCPrivacyShield.exe (PID: 5812 cmdline: "C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe" startscan "C:\Users\user\Desktop\PCPrivacyShieldSetup.exe" MD5: 5B34516DF5AB905BD334E908683A8084)
    • msiexec.exe (PID: 7688 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding F339063B2D7F5AA49C6D3BCEA32A4992 MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 7832 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 1C300E307AD5246F63AB5C1721DD9590 E Global\MSI0000 MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • InstAct.exe (PID: 7960 cmdline: "C:\Program Files (x86)\PC Privacy Shield\InstAct.exe" xtend MD5: DC1153D77C40FE6977E0D4AC65866534)
    • InstAct.exe (PID: 8156 cmdline: "C:\Program Files (x86)\PC Privacy Shield\InstAct.exe" removeOld MD5: DC1153D77C40FE6977E0D4AC65866534)
    • InstAct.exe (PID: 3808 cmdline: "C:\Program Files (x86)\PC Privacy Shield\InstAct.exe" createini MD5: DC1153D77C40FE6977E0D4AC65866534)
    • InstAct.exe (PID: 7524 cmdline: "C:\Program Files (x86)\PC Privacy Shield\InstAct.exe" install MD5: DC1153D77C40FE6977E0D4AC65866534)
    • InstAct.exe (PID: 7532 cmdline: "C:\Program Files (x86)\PC Privacy Shield\InstAct.exe" installurl "C:\Users\user\Desktop\PCPrivacyShieldSetup.exe" MD5: DC1153D77C40FE6977E0D4AC65866534)
      • chrome.exe (PID: 416 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE= MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
        • chrome.exe (PID: 3412 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=2024,i,16932873091567761477,1262112429000342913,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • InstAct.exe (PID: 8184 cmdline: "C:\Program Files (x86)\PC Privacy Shield\InstAct.exe" skipuac MD5: DC1153D77C40FE6977E0D4AC65866534)
    • InstAct.exe (PID: 8160 cmdline: "C:\Program Files (x86)\PC Privacy Shield\InstAct.exe" popuptask MD5: DC1153D77C40FE6977E0D4AC65866534)
  • TaskTools.exe (PID: 4076 cmdline: "C:\Program Files (x86)\PC Privacy Shield\TaskTools.exe" run_program MD5: 13C119FDEB84F4E4A9386E48CBE7B1FD)
    • PCPrivacyShield.exe (PID: 1196 cmdline: "C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe" MD5: 5B34516DF5AB905BD334E908683A8084)
  • PCPrivacyShield.exe (PID: 7340 cmdline: "C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe" popup MD5: 5B34516DF5AB905BD334E908683A8084)
  • PCPrivacyShield.exe (PID: 8736 cmdline: "C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe" minimized MD5: 5B34516DF5AB905BD334E908683A8084)
  • PCPrivacyShield.exe (PID: 9212 cmdline: "C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe" minimized MD5: 5B34516DF5AB905BD334E908683A8084)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

System Summary

barindex
Sigma detected: CurrentVersion Autorun Keys Modification
Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe" minimized, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe, ProcessId: 5812, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PCPrivacyShield

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Multi AV Scanner detection for dropped file
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeReversingLabs: Detection: 20%
Source: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\PCPrivacyShield.exeReversingLabs: Detection: 20%
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeEXE: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\TaskTools.exeJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeEXE: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\x64\DecryptTool.exeJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeEXE: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\WcDialog.exeJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeEXE: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\schedc10.exeJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeEXE: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\InstAct.exeJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeEXE: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\PCPrivacyShield.exeJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeEXE: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\Armt.exeJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeEXE: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\trialnotification.exeJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeEXE: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\updater.exeJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeEXE: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\x86\DecryptTool.exeJump to behavior

Compliance

barindex
EXE planting / hijacking vulnerabilities found
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeEXE: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\TaskTools.exeJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeEXE: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\x64\DecryptTool.exeJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeEXE: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\WcDialog.exeJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeEXE: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\schedc10.exeJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeEXE: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\InstAct.exeJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeEXE: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\PCPrivacyShield.exeJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeEXE: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\Armt.exeJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeEXE: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\trialnotification.exeJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeEXE: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\updater.exeJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeEXE: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\x86\DecryptTool.exeJump to behavior
Uses 32bit PE files
Source: PCPrivacyShieldSetup.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Creates install or setup log file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\installlog.txtJump to behavior
Creates license or readme file
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeFile created: C:\Program Files (x86)\PC Privacy Shield\README.txt
PE / OLE file has a valid certificate
Source: PCPrivacyShieldSetup.exeStatic PE information: certificate valid
Uses new MSVCR Dlls
Source: C:\Windows\System32\msiexec.exeFile opened: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\msvcr100.dllJump to behavior
Uses secure TLS version for HTTPS connections
Source: unknownHTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknownHTTPS traffic detected: 149.210.194.253:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknownHTTPS traffic detected: 149.210.194.253:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknownHTTPS traffic detected: 149.210.194.253:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknownHTTPS traffic detected: 149.210.194.253:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknownHTTPS traffic detected: 2.19.244.127:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknownHTTPS traffic detected: 2.19.244.127:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknownHTTPS traffic detected: 173.222.162.32:443 -> 192.168.2.4:49779 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.4:49783 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.246.64:443 -> 192.168.2.4:49786 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.246.64:443 -> 192.168.2.4:49843 version: TLS 1.2
Contains modern PE file flags such as dynamic base (ASLR) or NX
Source: PCPrivacyShieldSetup.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Binary contains paths to debug symbols
Source: Binary string: wininet.pdb source: PCPrivacyShieldSetup.exe, 00000000.00000003.1716368342.0000000006AAC000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1768133800.0000000003A51000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\NetFirewall.pdb: source: PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.00000000044B5000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\Dropbox\Development\Releases\Json\Working\Newtonsoft.Json\Working-Signed\Src\Newtonsoft.Json\obj\Release\Net40\Newtonsoft.Json.pdb source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmp, InstAct.exe, 0000000B.00000002.1902083448.000000000C6A2000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\viewer.pdbC source: PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.0000000004290000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: d:\agent\_work\3\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\Prereq.pdb source: PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.00000000044B5000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\ChromeDownloads\ExcelDataReader-develop\ExcelDataReader-develop\src\ExcelDataReader\obj\Debug\net45\ExcelDataReader.pdb source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000074AC000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\SoftwareDetector.pdbl source: PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.0000000004290000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdbP source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.000000000778B000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\NetFirewall.pdb source: PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.00000000044B5000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\stubs\x86\ExternalUi.pdb source: PCPrivacyShieldSetup.exe, PCPrivacyShieldSetup.exe, 00000000.00000000.1679879072.0000000000E18000.00000002.00000001.01000000.00000003.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000000.1762525754.0000000000E18000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: d:\agent\_work\3\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdb source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.000000000778B000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\Branch\win\Release\stubs\x86\Updater.pdb source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: msvcp100.i386.pdb source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: msvcr100.i386.pdb source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\Prereq.pdb| source: PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.00000000044B5000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\ChromeDownloads\ExcelDataReader-develop\ExcelDataReader-develop\src\ExcelDataReader\obj\Debug\net45\ExcelDataReader.pdbSHA256 source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000074AC000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: msvcr120.i386.pdb source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\Users\dahall\Documents\Visual Studio 2010\Projects\TaskService\obj\Release\Microsoft.Win32.TaskScheduler.pdb source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmp, InstAct.exe, 00000011.00000002.1939151292.0000000005E22000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: msvcp120.i386.pdb source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\dev\sqlite\dotnet\bin\2010\Win32\ReleaseStatic\System.Data.SQLite.pdb source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\ResourceCleaner.pdb source: PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.00000000044B5000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\agent\_work\66\s\build\ship\x86\SfxCA.pdb source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000074A3000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: wininet.pdbUGP source: PCPrivacyShieldSetup.exe, 00000000.00000003.1716368342.0000000006AAC000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1768133800.0000000003A51000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\SoftwareDetector.pdb source: PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.0000000004290000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\Users\dahall\Documents\Visual Studio 2010\Projects\TaskService\obj\Release\Microsoft.Win32.TaskScheduler.pdbp source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmp, InstAct.exe, 00000011.00000002.1939151292.0000000005E22000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\lzmaextractor.pdb source: PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.0000000004290000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.0000000004290000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\viewer.pdb source: PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.0000000004290000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\Dropbox\Development\Releases\Json\Working\Newtonsoft.Json\Working-Signed\Src\Newtonsoft.Json\obj\Release\Net40\Newtonsoft.Json.pdb source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmp, InstAct.exe, InstAct.exe, 0000000B.00000002.1902083448.000000000C6A2000.00000002.00000001.01000000.00000010.sdmp
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile opened: z:Jump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile opened: x:Jump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile opened: v:Jump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile opened: t:Jump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile opened: r:Jump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile opened: p:Jump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile opened: n:Jump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile opened: l:Jump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile opened: j:Jump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile opened: h:Jump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile opened: f:Jump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile opened: b:Jump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile opened: y:Jump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile opened: w:Jump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile opened: u:Jump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile opened: s:Jump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile opened: q:Jump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile opened: o:Jump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile opened: m:Jump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile opened: k:Jump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile opened: i:Jump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile opened: g:Jump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile opened: e:Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile opened: c:
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile opened: a:Jump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeKey opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeKey opened: HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeKey opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeKey opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeKey opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeKey opened: HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeKey opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeKey opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeKey opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeKey opened: HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeKey opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeKey opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeKey opened: HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeKey opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeKey opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeKey opened: HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeKey opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeKey opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeKey opened: HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeKey opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\PC Privacy Shield\TaskTools.exeKey opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\PC Privacy Shield\TaskTools.exeKey opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\PC Privacy Shield\TaskTools.exeKey opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files (x86)\PC Privacy Shield\TaskTools.exeKey opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files (x86)\PC Privacy Shield\TaskTools.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\PC Privacy Shield\TaskTools.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\PC Privacy Shield\TaskTools.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files (x86)\PC Privacy Shield\TaskTools.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files (x86)\PC Privacy Shield\TaskTools.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files (x86)\PC Privacy Shield\TaskTools.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files (x86)\PC Privacy Shield\TaskTools.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\PC Privacy Shield\TaskTools.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files (x86)\PC Privacy Shield\TaskTools.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files (x86)\PC Privacy Shield\TaskTools.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files (x86)\PC Privacy Shield\TaskTools.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files (x86)\PC Privacy Shield\TaskTools.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Program Files (x86)\PC Privacy Shield\TaskTools.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Program Files (x86)\PC Privacy Shield\TaskTools.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\PC Privacy Shield\TaskTools.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Program Files (x86)\PC Privacy Shield\TaskTools.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\PC Privacy Shield\TaskTools.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00D027F0 ReadFile,FindFirstFileW,FindClose,CreateEventW,CreateThread,WaitForSingleObject,GetExitCodeThread,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,0_2_00D027F0
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00CDC9A0 FindFirstFileW,GetLastError,FindClose,0_2_00CDC9A0
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00CDC040 _wcsrchr,FindFirstFileW,FindFirstFileW,FindFirstFileW,FindClose,FindClose,_wcsrchr,0_2_00CDC040
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00BE11B0 FindClose,PathIsUNCW,FindFirstFileW,GetFullPathNameW,GetFullPathNameW,FindClose,SetLastError,_wcsrchr,_wcsrchr,PathIsUNCW,0_2_00BE11B0
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00CC1130 GetShortPathNameW,FindFirstFileW,FindNextFileW,FindClose,0_2_00CC1130
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00CDE270 FindFirstFileW,FindClose,0_2_00CDE270
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00CDC3D0 FindFirstFileW,GetFileAttributesW,SetFileAttributesW,GetFileAttributesW,FindNextFileW,0_2_00CDC3D0
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00D208C0 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,FindNextFileW,FindClose,0_2_00D208C0
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 3_2_00CDBDB0 _wcsrchr,_wcsrchr,FindFirstFileW,FindFirstFileW,FindFirstFileW,FindClose,FindClose,_wcsrchr,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,GetFileAttributesW,SetFileAttributesW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,3_2_00CDBDB0
Source: global trafficTCP traffic: 192.168.2.4:54730 -> 1.1.1.1:53
Source: global trafficHTTP traffic detected: POST /pcprivshield/pcprivshield_2.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: pps.shieldappsverify.comContent-Length: 63Expect: 100-continueConnection: Keep-Alive
Source: global trafficHTTP traffic detected: POST /pcprivshield/pcprivshield_2.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: pps.shieldappsverify.comContent-Length: 47Expect: 100-continueConnection: Keep-Alive
Source: global trafficHTTP traffic detected: POST /pcprivshield/pcprivshield_2.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: pps.shieldappsverify.comContent-Length: 120Expect: 100-continueConnection: Keep-Alive
Source: global trafficHTTP traffic detected: POST /pcprivshield/pcprivshield_2.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: pps.shieldappsverify.comContent-Length: 40Expect: 100-continue
Source: global trafficHTTP traffic detected: POST /pcprivshield/pcprivshield_2.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: pps.shieldappsverify.comContent-Length: 40Expect: 100-continueConnection: Keep-Alive
Source: global trafficHTTP traffic detected: POST /pcprivshield/pcprivshield_2.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: pps.shieldappsverify.comContent-Length: 90Expect: 100-continue
Source: global trafficHTTP traffic detected: GET /ext/cyber_whitelist.txt HTTP/1.1Host: pps.shieldappsverify.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: POST /pcprivshield/pcprivshield_2.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: pps.shieldappsverify.comContent-Length: 90Expect: 100-continue
Source: Joe Sandbox ViewIP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox ViewIP Address: 50.87.253.110 50.87.253.110
Source: Joe Sandbox ViewIP Address: 151.101.194.137 151.101.194.137
Source: Joe Sandbox ViewIP Address: 151.101.194.137 151.101.194.137
Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknownTCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknownTCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknownTCP traffic detected without corresponding DNS query: 172.64.149.23
Source: unknownTCP traffic detected without corresponding DNS query: 104.18.38.233
Source: unknownTCP traffic detected without corresponding DNS query: 172.64.149.23
Source: unknownTCP traffic detected without corresponding DNS query: 104.18.38.233
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.64
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.64
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.64
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.64
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.64
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.64
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.64
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.64
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.64
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.64
Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=BmRxXm81SrA95px&MD=Rw14uCfM HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global trafficHTTP traffic detected: GET /post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE= HTTP/1.1Host: shieldapps.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /wp-includes/css/dist/block-library/style.min.css?ver=6.6.2 HTTP/1.1Host: shieldapps.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/formcraft3/dist/formcraft-common.css?ver=3.8.24 HTTP/1.1Host: shieldapps.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /jquery-2.2.4.min.js?ver=2.2.4 HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://shieldapps.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/formcraft3/dist/form.css?ver=3.8.24 HTTP/1.1Host: shieldapps.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/complianz-gdpr-premium/assets/css/cookieblocker.min.css?ver=1720730547 HTTP/1.1Host: shieldapps.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /wp-content/themes/shield-apps2/style.css?ver=1.0.1 HTTP/1.1Host: shieldapps.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /wp-content/themes/shield-apps2/css/bootstrap.min.css?ver=6.6.2 HTTP/1.1Host: shieldapps.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /wp-content/themes/shield-apps2/css/slick.css?ver=6.6.2 HTTP/1.1Host: shieldapps.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /wp-content/themes/shield-apps2/images/shield-apps-logo.png HTTP/1.1Host: shieldapps.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2022/03/palceholder.png HTTP/1.1Host: shieldapps.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2015/03/box-shieldapps-cyber-privacy1.png HTTP/1.1Host: shieldapps.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2020/03/box-vpn1.png HTTP/1.1Host: shieldapps.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2022/10/box-shield-antivirus1.png HTTP/1.1Host: shieldapps.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /wp-content/themes/shield-apps2/js/bootstrap.min.js?ver=6.6.2 HTTP/1.1Host: shieldapps.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /wp-content/themes/shield-apps2/js/ScrollToPlugin.min.js?ver=6.6.2 HTTP/1.1Host: shieldapps.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /wp-content/themes/shield-apps2/js/TweenMax.min.js?ver=6.6.2 HTTP/1.1Host: shieldapps.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /wp-content/themes/shield-apps2/js/slick.min.js?ver=6.6.2 HTTP/1.1Host: shieldapps.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /wp-content/themes/shield-apps2/css/icomoon/icomoon.ttf?dzxhyb HTTP/1.1Host: shieldapps.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://shieldapps.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://shieldapps.com/wp-content/themes/shield-apps2/style.css?ver=1.0.1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /wp-content/themes/shield-apps2/images/about-bkg.jpg HTTP/1.1Host: shieldapps.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://shieldapps.com/wp-content/themes/shield-apps2/style.css?ver=1.0.1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /wp-content/themes/shield-apps2/js/design.js?ver=6.6.2 HTTP/1.1Host: shieldapps.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /wp-content/themes/shield-apps2/js/skip-link-focus-fix.js?ver=20151215 HTTP/1.1Host: shieldapps.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2016/03/box-ransomware-defender1.png HTTP/1.1Host: shieldapps.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2015/04/box-pc-privacy-shield1.png HTTP/1.1Host: shieldapps.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2015/05/box-ShieldApps_Webcam_Blocker1.png HTTP/1.1Host: shieldapps.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2015/06/box-identity-theft-preventer1.png HTTP/1.1Host: shieldapps.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2016/03/box-pc-cleaning-utility1.png HTTP/1.1Host: shieldapps.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2016/03/box-anti-malware1.png HTTP/1.1Host: shieldapps.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2019/08/color-line.png HTTP/1.1Host: shieldapps.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2020/02/partner_logos_c.png HTTP/1.1Host: shieldapps.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/complianz-gdpr-premium/cookiebanner/js/complianz.min.js?ver=1720730544 HTTP/1.1Host: shieldapps.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /wp-json/complianz/v1/banner?lang=en&locale=en_US&token=onhno HTTP/1.1Host: shieldapps.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-type: application/jsonAccept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /wp-includes/js/wp-emoji-release.min.js?ver=6.6.2 HTTP/1.1Host: shieldapps.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /wp-content/uploads/complianz/css/banner-1-optout.css?v=30 HTTP/1.1Host: shieldapps.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /td/ga/rul?tid=G-V0DL3XBK82&gacid=1954789622.1730307161&gtm=45Pe4as0v896163840za200zb813187311&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101533421~101823848~101878899~101878944~101925629&z=325251096 HTTP/1.1Host: td.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://shieldapps.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET //favicon.png HTTP/1.1Host: shieldapps.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gcl_au=1.1.1439299319.1730307161; _gid=GA1.2.131272535.1730307161; _gat=1; _ga_V0DL3XBK82=GS1.1.1730307161.1.0.1730307161.60.0.0; _ga=GA1.1.1954789622.1730307161
Source: global trafficHTTP traffic detected: GET /ext/cyber_whitelist.txt HTTP/1.1Host: pps.shieldappsverify.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=BmRxXm81SrA95px&MD=Rw14uCfM HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120663v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120662v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120665v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120666v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120667v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120668v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120664v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120669v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120670v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120671v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120672v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120673v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120674v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120675v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120676v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120677v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120678v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120679v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120680v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120681v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120682v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120602v10s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120601v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule224901v11s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule701201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule701200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule700201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule700200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule701250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule701251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule700051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule700050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule701151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule701150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule700401v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule700400v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule700351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule700350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule703901v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule701501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule703900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule701500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule703351v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule703350v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule703501v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule701801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule703500v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule701800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule701051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule701050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule703101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule703100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule703601v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule703600v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule703851v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule703801v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule703850v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule703800v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule703701v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule703700v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule703751v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule703750v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule701301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule701300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule704051v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule704050v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule701701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule701700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule700701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule700700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule700551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule703651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule700550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule703650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule700601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule700600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule703151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule703150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule703951v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule703950v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule700001v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule701401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule701400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule700000v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule701951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule701950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule700851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule700850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule701851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule701850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule703051v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule703050v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule700101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule700100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule700951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule700950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule703551v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule703550v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule700451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule701900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule700450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule701901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule704001v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule703251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule704000v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule703250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule701550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule700301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule701551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule700300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule703201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule703200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule700251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule700250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule700651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule700650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule703300v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule701751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule703301v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule701750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule701651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule701650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule701101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule701100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120128v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule230104v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule230157v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule230158v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule230162v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule230164v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule230166v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule230165v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule230168v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule230167v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule230169v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule230170v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule230171v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule230172v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule230173v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule230174v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120119v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule224900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule704101v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule704100v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule704201v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule704200v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule704151v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule226009v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule704150v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: PCPrivacyShieldSetup.exe, 00000000.00000000.1679879072.0000000000E18000.00000002.00000001.01000000.00000003.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: FlashWindowFlashWindowExGetPackagePathhttp://www.yahoo.comhttp://www.example.comhttp://www.google.comTESTtin9999.tmpattachment=.partGETcharsetDLD "filenameutf-8utf-16123POSTAdvancedInstallerLocal Network ServerISO-8859-1US-ASCIIHTTP/1.0Range: bytes=%u- equals www.yahoo.com (Yahoo)
Source: PCPrivacyShieldSetup.exeString found in binary or memory: http://www.yahoo.com equals www.yahoo.com (Yahoo)
Source: chrome.exe, 00000017.00000002.4207432841.00001D60024C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: global trafficDNS traffic detected: DNS query: pps.shieldappsverify.com
Source: global trafficDNS traffic detected: DNS query: shieldapps.com
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: code.jquery.com
Source: global trafficDNS traffic detected: DNS query: analytics.google.com
Source: global trafficDNS traffic detected: DNS query: stats.g.doubleclick.net
Source: global trafficDNS traffic detected: DNS query: td.doubleclick.net
Source: unknownHTTP traffic detected: POST /pcprivshield/pcprivshield_2.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: pps.shieldappsverify.comContent-Length: 63Expect: 100-continueConnection: Keep-Alive
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/1423136
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/2162
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/2517
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/2970
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3078
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3205
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3206
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3452
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3498
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3502
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3577
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3584
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3586
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3623
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3624
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3625
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3832
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3862
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3965
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3970
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4324
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4384
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4405
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4428
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4551
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4633
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4722
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4836
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4901
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4937
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5007
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5055
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5061
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5281
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5371
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5375
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5421
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5430
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5535
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5658
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5750
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5881
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5901
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5906
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6041
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6048
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6141
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6248
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6439
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6651
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6692
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6755
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6860
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6876
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6878
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6929
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6953
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7036
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7047
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7172
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7279
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7370
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7406
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7488
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7553
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7556
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7724
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7760
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7761
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8162
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8215
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8229
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8280
Source: InstAct.exe, 00000007.00000002.1843409932.0000000002B29000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000A.00000002.1860099028.0000000003017000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000B.00000002.1898806369.0000000002A68000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000B.00000002.1898806369.0000000002A5C000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000E.00000002.1943989651.0000000002C4C000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000F.00000002.2010871467.000000000261C000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 00000011.00000002.1938221449.000000000282C000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 00000012.00000002.1944193693.000000000292C000.00000004.00000800.00020000.00000000.sdmp, PCPrivacyShield.exe, 00000013.00000002.4194644871.0000000002F61000.00000004.00000800.00020000.00000000.sdmp, TaskTools.exe, 00000014.00000002.1998769025.0000000002FAC000.00000004.00000800.00020000.00000000.sdmp, PCPrivacyShield.exe, 00000015.00000002.2039193870.0000000003055000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://block.shieldapps.us/cps_blocked.html
Source: PCPrivacyShieldSetup.exe, 00000000.00000002.1969508218.0000000006625000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiC
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000074AC000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.000000000778B000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.00000000044B5000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.0000000004290000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1961456996.0000000001405000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000071FD000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1764642146.000000000139E000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1764913738.000000000139E000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000002.1931280057.0000000003135000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1764059979.00000000013BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000002.1970286967.00000000072F0000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000002.1968333544.0000000005C20000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000074AC000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.000000000778B000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.00000000044B5000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.0000000004290000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1961456996.0000000001405000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000071FD000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1767804983.00000000044B1000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1764642146.000000000139E000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1764913738.000000000139E000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000002.1931797641.00000000044B7000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1928662615.00000000044B6000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1929595718.000000000135C000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000002.1931280057.0000000003135000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1764059979.00000000013BD000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1767936999.00000000044B5000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000002.1930451926.000000000135E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000074AC000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.000000000778B000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.00000000044B5000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1966272462.0000000005C54000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.0000000004290000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1961456996.0000000001405000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000071FD000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1767804983.00000000044B1000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1764642146.000000000139E000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1764913738.000000000139E000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1929595718.000000000135C000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000002.1931280057.0000000003135000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1764059979.00000000013BD000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1767936999.00000000044B5000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000002.1930451926.000000000135E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: PCPrivacyShieldSetup.exe, 00000003.00000003.1929595718.000000000135C000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000002.1930451926.000000000135E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCx
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA.crt0
Source: PCPrivacyShield.exe, 00000015.00000002.2039193870.0000000003055000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://clients3.google.com/generate_204
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000074AC000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.000000000778B000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.00000000044B5000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000002.1969508218.0000000006625000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.0000000004290000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000071FD000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1767804983.00000000044B1000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1929595718.000000000135C000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1767936999.00000000044B5000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000002.1930451926.000000000135E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: PCPrivacyShieldSetup.exe, 00000000.00000002.1968333544.0000000005C20000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1764642146.000000000139E000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1764913738.000000000139E000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1929595718.000000000135C000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000002.1930451926.000000000135E000.00000004.00000020.00020000.00000000.sdmp, InstAct.exe, 0000000B.00000002.1897935406.0000000000DA5000.00000004.00000020.00020000.00000000.sdmp, InstAct.exe, 0000000E.00000002.1942206234.00000000010C4000.00000004.00000020.00020000.00000000.sdmp, InstAct.exe, 0000000F.00000002.1982764222.000000000076A000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShield.exe, 00000013.00000002.4383471863.000000000A4A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: PCPrivacyShieldSetup.exe, 00000003.00000003.1929595718.000000000135C000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000002.1930451926.000000000135E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigni
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000074AC000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.000000000778B000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.00000000044B5000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.0000000004290000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000071FD000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1767804983.00000000044B1000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000002.1931797641.00000000044B7000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1928662615.00000000044B6000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1929595718.000000000135C000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1767936999.00000000044B5000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000002.1930451926.000000000135E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl0
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000074AC000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.000000000778B000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.00000000044B5000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000002.1969508218.0000000006625000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.0000000004290000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000071FD000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1929595718.000000000135C000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000002.1930451926.000000000135E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
Source: PCPrivacyShieldSetup.exe, 00000000.00000002.1969508218.0000000006625000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSignivl~
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000074AC000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.000000000778B000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.00000000044B5000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.0000000004290000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1961456996.0000000001405000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000071FD000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1764642146.000000000139E000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1764913738.000000000139E000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000002.1931280057.0000000003135000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1764059979.00000000013BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000002.1968333544.0000000005C20000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000074AC000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.000000000778B000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.00000000044B5000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.0000000004290000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1961456996.0000000001405000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000071FD000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1767804983.00000000044B1000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1764642146.000000000139E000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1764913738.000000000139E000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000002.1931797641.00000000044B7000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1928662615.00000000044B6000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1929595718.000000000135C000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000002.1931280057.0000000003135000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1764059979.00000000013BD000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1767936999.00000000044B5000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000002.1930451926.000000000135E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000074AC000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.000000000778B000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.00000000044B5000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1966272462.0000000005C54000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.0000000004290000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1961456996.0000000001405000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000071FD000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1767804983.00000000044B1000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1764642146.000000000139E000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1764913738.000000000139E000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1929595718.000000000135C000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000002.1931280057.0000000003135000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1764059979.00000000013BD000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1767936999.00000000044B5000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000002.1930451926.000000000135E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA.crl0E
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA.crl0L
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000074AC000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.000000000778B000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.00000000044B5000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.0000000004290000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000071FD000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1767804983.00000000044B1000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000002.1931797641.00000000044B7000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1928662615.00000000044B6000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1929595718.000000000135C000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1767936999.00000000044B5000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000002.1930451926.000000000135E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0#
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000074AC000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.000000000778B000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.00000000044B5000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000002.1969508218.0000000006625000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.0000000004290000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000071FD000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1929595718.000000000135C000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000002.1930451926.000000000135E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
Source: chrome.exe, 00000017.00000002.4215918809.00001D60030B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://dl.google.com/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_third_pa
Source: chrome.exe, 00000017.00000002.4217928603.00001D60035F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://dns-tunnel-check.googlezip.net/connect
Source: chrome.exe, 00000017.00000003.2277253893.00001D6002E64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.2183800270.00001D6002E64000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwy
Source: chrome.exe, 00000017.00000002.4204991671.00001D600221C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/cxxqn654fg7hzrcrrnqcniqqye_2024.10.11.1/k
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://issuetracker.google.com/200067929
Source: InstAct.exe, 0000000B.00000002.1902083448.000000000C6A2000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://james.newtonking.com/projects/json
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000074AC000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.000000000778B000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.00000000044B5000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000002.1969508218.0000000006625000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.0000000004290000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000071FD000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1929595718.000000000135C000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000002.1930451926.000000000135E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0
Source: PCPrivacyShieldSetup.exe, 00000000.00000002.1970286967.00000000072F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000074AC000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.000000000778B000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.00000000044B5000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1966272462.0000000005C54000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.0000000004290000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1961456996.0000000001405000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000071FD000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1767804983.00000000044B1000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1764642146.000000000139E000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1764913738.000000000139E000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1929595718.000000000135C000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000002.1931280057.0000000003135000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1764059979.00000000013BD000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1767936999.00000000044B5000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000002.1930451926.000000000135E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000074AC000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.000000000778B000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.00000000044B5000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.0000000004290000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1961456996.0000000001405000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000071FD000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1764642146.000000000139E000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1764913738.000000000139E000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000002.1931280057.0000000003135000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1764059979.00000000013BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0K
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0N
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0O
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000002.1970286967.00000000072F0000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000002.1968333544.0000000005C20000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000074AC000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.000000000778B000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.00000000044B5000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000002.1969508218.0000000006625000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.0000000004290000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1961456996.0000000001405000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000071FD000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1767804983.00000000044B1000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1764642146.000000000139E000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1764913738.000000000139E000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000002.1931797641.00000000044B7000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1928662615.00000000044B6000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1929595718.000000000135C000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000002.1931280057.0000000003135000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1764059979.00000000013BD000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1767936999.00000000044B5000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000002.1930451926.000000000135E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000074AC000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.000000000778B000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.00000000044B5000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000002.1969508218.0000000006625000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.0000000004290000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000071FD000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1929595718.000000000135C000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000002.1930451926.000000000135E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.sectigo.com0
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000074AC000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.000000000778B000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.00000000044B5000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.0000000004290000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000071FD000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1767804983.00000000044B1000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000002.1931797641.00000000044B7000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1928662615.00000000044B6000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1929595718.000000000135C000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1767936999.00000000044B5000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000002.1930451926.000000000135E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.sectigo.com00
Source: PCPrivacyShield.exe, 00000015.00000002.2039193870.0000000003055000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pps.5l7k9bn.info/setups/privacy/pcprivacyshield/ext/ff/global_adblock2
Source: InstAct.exe, 0000000B.00000002.1898806369.0000000002B31000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000E.00000002.1943989651.0000000002D15000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pps.shieldappsverify.com
Source: InstAct.exe, 0000000B.00000002.1898806369.0000000002B52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pps.shieldappsverify.com/setups/
Source: InstAct.exe, 0000000B.00000002.1898806369.0000000002B52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pps.shieldappsverify.com/setups/privacy/pcprivacyshield/s/updates.txt
Source: InstAct.exe, 0000000B.00000002.1898806369.0000000002B31000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000E.00000002.1943989651.0000000002D15000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pps.shieldappsverify.comd
Source: chrome.exe, 00000017.00000002.4211939952.00001D6002BBC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certs
Source: InstAct.exe, 0000000B.00000002.1898806369.0000000002ADD000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000E.00000002.1943989651.0000000002D02000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000F.00000002.2010871467.000000000261C000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 00000011.00000002.1938221449.000000000281B000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 00000012.00000002.1944193693.000000000292C000.00000004.00000800.00020000.00000000.sdmp, PCPrivacyShield.exe, 00000013.00000002.4194644871.0000000002FC1000.00000004.00000800.00020000.00000000.sdmp, PCPrivacyShield.exe, 00000015.00000002.2039193870.00000000031B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: InstAct.exe, 00000007.00000002.1843409932.0000000002B29000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000A.00000002.1860099028.0000000003017000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000B.00000002.1898806369.0000000002A5C000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000E.00000002.1943989651.0000000002C4C000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000F.00000002.2010871467.000000000261C000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 00000011.00000002.1938221449.000000000282C000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 00000012.00000002.1944193693.000000000292C000.00000004.00000800.00020000.00000000.sdmp, PCPrivacyShield.exe, 00000013.00000002.4194644871.0000000002F61000.00000004.00000800.00020000.00000000.sdmp, TaskTools.exe, 00000014.00000002.1998769025.0000000002FAC000.00000004.00000800.00020000.00000000.sdmp, PCPrivacyShield.exe, 00000015.00000002.2039193870.0000000003055000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://scp.e2c3h1y.info/dbvercheck/check_f1.php
Source: PCPrivacyShieldSetup.exe, PCPrivacyShieldSetup.exe, 00000003.00000003.1929595718.000000000135C000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000002.1930451926.000000000135E000.00000004.00000020.00020000.00000000.sdmp, InstAct.exe, 00000007.00000002.1843409932.0000000002B29000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000A.00000002.1860099028.0000000003017000.00000004.00000800.00020000.00000000.sdmp, PCPrivacyShield.exe, 00000013.00000002.4194644871.0000000002F61000.00000004.00000800.00020000.00000000.sdmp, TaskTools.exe, 00000014.00000002.1998769025.0000000002FAC000.00000004.00000800.00020000.00000000.sdmp, PCPrivacyShield.exe, 00000015.00000002.2039193870.0000000003055000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://shieldapps.com/eula/
Source: InstAct.exe, 00000007.00000002.1843409932.0000000002B29000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000A.00000002.1860099028.0000000003017000.00000004.00000800.00020000.00000000.sdmp, PCPrivacyShield.exe, 00000013.00000002.4194644871.0000000002F61000.00000004.00000800.00020000.00000000.sdmp, TaskTools.exe, 00000014.00000002.1998769025.0000000002FAC000.00000004.00000800.00020000.00000000.sdmp, PCPrivacyShield.exe, 00000015.00000002.2039193870.0000000003055000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://shieldapps.com/eula/&https://shieldapps.com/privacy-policy/3https://shieldapps.com/supportmai
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1961491681.0000000006223000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1966298410.0000000006238000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1961563281.0000000006232000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1760842982.000000000622A000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1962135661.0000000006233000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://shieldapps.com/eula/C
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.00000000044B5000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.0000000004290000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1961456996.0000000001405000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://t1.symcb.com/ThawtePCA.crl0
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.00000000044B5000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.0000000004290000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1961456996.0000000001405000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://t2.symcb.com0
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.00000000044B5000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.0000000004290000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1961456996.0000000001405000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tl.symcb.com/tl.crl0
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.00000000044B5000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.0000000004290000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1961456996.0000000001405000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tl.symcb.com/tl.crt0
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.00000000044B5000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.0000000004290000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1961456996.0000000001405000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tl.symcd.com0&
Source: chrome.exe, 00000017.00000002.4211891400.00001D6002BAC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://unisolated.invalid/
Source: chrome.exe, 00000017.00000002.4211891400.00001D6002BAC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://unisolated.invalid/a
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://wixtoolset.org
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.000000000778B000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://wixtoolset.org/Whttp://wixtoolset.org/telemetry/v
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.000000000778B000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://wixtoolset.org/news/
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.000000000778B000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://wixtoolset.org/releases/
Source: PCPrivacyShield.exe, 00000013.00000002.4560769217.00000000104F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: PCPrivacyShield.exe, 00000013.00000002.4560769217.00000000104F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
Source: PCPrivacyShield.exe, 00000013.00000002.4560769217.00000000104F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
Source: PCPrivacyShield.exe, 00000013.00000002.4560769217.00000000104F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
Source: PCPrivacyShield.exe, 00000013.00000002.4560769217.00000000104F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
Source: PCPrivacyShield.exe, 00000013.00000002.4560769217.00000000104F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: PCPrivacyShield.exe, 00000013.00000002.4560769217.00000000104F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: PCPrivacyShield.exe, 00000013.00000002.4560769217.00000000104F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
Source: PCPrivacyShield.exe, 00000013.00000002.4560769217.00000000104F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
Source: PCPrivacyShield.exe, 00000013.00000002.4560769217.00000000104F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
Source: PCPrivacyShield.exe, 00000013.00000002.4560769217.00000000104F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
Source: PCPrivacyShield.exe, 00000013.00000002.4560769217.00000000104F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
Source: PCPrivacyShield.exe, 00000013.00000002.4560769217.00000000104F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: PCPrivacyShield.exe, 00000013.00000002.4560769217.00000000104F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: PCPrivacyShield.exe, 00000013.00000002.4560769217.00000000104F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: PCPrivacyShield.exe, 00000013.00000002.4560769217.00000000104F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: PCPrivacyShield.exe, 00000013.00000002.4560769217.00000000104F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
Source: PCPrivacyShieldSetup.exeString found in binary or memory: http://www.google.com
Source: chrome.exe, 00000017.00000002.4215918809.00001D60030B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.google.com/dl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_thir
Source: PCPrivacyShield.exe, 00000013.00000002.4560769217.00000000104F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: PCPrivacyShield.exe, 00000015.00000002.2039193870.0000000003055000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/unix/customizing.html#prefs
Source: InstAct.exe, 0000000B.00000002.1902083448.000000000C6A2000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://www.newtonsoft.com/jsonschema
Source: PCPrivacyShield.exe, 00000013.00000002.4560769217.00000000104F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
Source: PCPrivacyShield.exe, 00000013.00000002.4560769217.00000000104F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
Source: PCPrivacyShield.exe, 00000013.00000002.4560769217.00000000104F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
Source: PCPrivacyShield.exe, 00000013.00000002.4560769217.00000000104F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
Source: PCPrivacyShield.exe, 00000013.00000002.4560769217.00000000104F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
Source: PCPrivacyShield.exe, 00000013.00000002.4560769217.00000000104F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
Source: PCPrivacyShieldSetup.exeString found in binary or memory: http://www.yahoo.com
Source: PCPrivacyShield.exe, 00000013.00000002.4560769217.00000000104F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
Source: chrome.exe, 00000017.00000002.4205508309.00001D6002278000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accountcapabilities-pa.googleapis.com/v1/accountcapabilities:batchGet
Source: chrome.exe, 00000017.00000002.4213788644.00001D6002E44000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com
Source: chrome.exe, 00000017.00000002.4204991671.00001D600221C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000002.4213788644.00001D6002E44000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/
Source: chrome.exe, 00000017.00000003.3629543495.00001D6004490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/MergeSession
Source: chrome.exe, 00000017.00000002.4205508309.00001D6002278000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/encryption/unlock/desktop?kdi=CAIaDgoKY2hyb21lc3luYxAB
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4830
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4966
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/5845
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/6574
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7161
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7162
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7246
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7308
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7319
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7320
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7369
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7382
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7489
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7604
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7714
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7847
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7899
Source: chrome.exe, 00000017.00000002.4206461158.00001D600235C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.w.org/
Source: chrome.exe, 00000017.00000002.4210158134.00001D6002918000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://calendar.google.com/calendar/u/0/r/eventedit?usp=chrome_actions
Source: chrome.exe, 00000017.00000002.4208399201.00001D600260C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: chrome.exe, 00000017.00000003.2043258407.00001D6002E98000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmp, InstAct.exe, InstAct.exe, 00000007.00000002.1843409932.0000000002B23000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 00000007.00000002.1845083152.000000000772E000.00000002.00000001.01000000.0000000D.sdmp, InstAct.exe, 00000007.00000002.1843409932.0000000002B29000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000A.00000002.1860099028.0000000003017000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000A.00000002.1860099028.0000000003036000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000B.00000002.1898806369.0000000002A64000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000E.00000002.1943989651.0000000002C4C000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000F.00000002.2010871467.000000000261C000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 00000011.00000002.1938221449.000000000282C000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 00000012.00000002.1944193693.000000000292C000.00000004.00000800.00020000.00000000.sdmp, PCPrivacyShield.exe, 00000013.00000002.4194644871.0000000002FC1000.00000004.00000800.00020000.00000000.sdmp, PCPrivacyShield.exe, 00000013.00000002.4194644871.0000000002F61000.00000004.00000800.00020000.00000000.sdmp, PCPrivacyShield.exe, 00000015.00000002.2039193870.0000000003055000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore/detail/pobombckckddakmbebafbmamchdffedp
Source: InstAct.exe, 00000007.00000002.1843409932.0000000002B23000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000A.00000002.1860099028.0000000003036000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000B.00000002.1898806369.0000000002A64000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000E.00000002.1943989651.0000000002C4C000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000F.00000002.2010871467.000000000261C000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 00000011.00000002.1938221449.000000000282C000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 00000012.00000002.1944193693.000000000292C000.00000004.00000800.00020000.00000000.sdmp, PCPrivacyShield.exe, 00000013.00000002.4194644871.0000000002FC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore/detail/pobombckckddakmbebafbmamchdffedp)Failed
Source: InstAct.exe, 00000007.00000002.1843409932.0000000002B29000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000A.00000002.1860099028.0000000003017000.00000004.00000800.00020000.00000000.sdmp, PCPrivacyShield.exe, 00000013.00000002.4194644871.0000000002F61000.00000004.00000800.00020000.00000000.sdmp, PCPrivacyShield.exe, 00000015.00000002.2039193870.0000000003055000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore/detail/pobombckckddakmbebafbmamchdffedpRhttps://microsoftedge.mic
Source: chrome.exe, 00000017.00000002.4209866592.00001D60028B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore206E5
Source: chrome.exe, 00000017.00000002.4211891400.00001D6002BAC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=en
Source: chrome.exe, 00000017.00000003.3624907200.00001D600400C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.2106626639.00001D6002E90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.2104546867.00001D6002E90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.3624475467.00001D6004FAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000002.4207863974.00001D6002548000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.2046785475.00001D6002E98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.3624717557.00001D6003134000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.2043258407.00001D6002E98000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstoreLDDiscover
Source: chrome.exe, 00000017.00000003.1995885847.000053740039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
Source: chrome.exe, 00000017.00000003.1995885847.000053740039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
Source: chrome.exe, 00000017.00000003.1998628522.0000537400694000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.1998082436.0000537400684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.2089508607.00001D6003418000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
Source: chrome.exe, 00000017.00000003.1995885847.000053740039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
Source: chrome.exe, 00000017.00000002.4204991671.00001D600221C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromewebstore.google.com/
Source: chrome.exe, 00000017.00000003.1985484642.00006FFC002C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/cr/report
Source: chrome.exe, 00000017.00000002.4212560856.00001D6002CC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.3624907200.00001D600400C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000002.4204991671.00001D600221C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000002.4218728757.00001D600393C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000002.4209866592.00001D60028B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.3624717557.00001D6003134000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crx
Source: chrome.exe, 00000017.00000002.4208399201.00001D600260C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://code.jquery.com/jquery-2.2.4.min.js?ver=2.2.4
Source: chrome.exe, 00000017.00000003.2131077220.00001D6002494000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.2078314892.00001D6002494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/368855.)
Source: chrome.exe, 00000017.00000003.2167094296.00001D600253C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/analytics-container-tag-serving
Source: chrome.exe, 00000017.00000002.4216574035.00001D60031A5000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.2167094296.00001D600253C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/analytics-container-tag-servingCross-Origin-Resource-Policy:
Source: chrome.exe, 00000017.00000002.4214701848.00001D6002F7C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/analytics-container-tag-servingsN=Micros
Source: chrome.exe, 00000017.00000002.4209866592.00001D60028B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/clientupdate-aus/1
Source: chrome.exe, 00000017.00000003.2167094296.00001D600253C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/report-to/analytics-container-tag-serving
Source: chrome.exe, 00000017.00000002.4215918809.00001D60030B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_third_p
Source: chrome.exe, 00000017.00000003.2088217650.00001D6003350000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview
Source: chrome.exe, 00000017.00000002.4207432841.00001D60024C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
Source: chrome.exe, 00000017.00000002.4207432841.00001D60024C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_defaultll.Touch
Source: chrome.exe, 00000017.00000002.4210805359.00001D60029CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000002.4210989560.00001D6002A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000002.4208615088.00001D60026B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000017.00000002.4210989560.00001D6002A0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/u/0/create?usp=chrome_actionsA
Source: chrome.exe, 00000017.00000002.4210805359.00001D60029CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000002.4210989560.00001D6002A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000002.4208615088.00001D60026B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000017.00000002.4210805359.00001D60029CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000002.4210989560.00001D6002A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000002.4208615088.00001D60026B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actionsy
Source: chrome.exe, 00000017.00000002.4207432841.00001D60024C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
Source: chrome.exe, 00000017.00000002.4210158134.00001D6002918000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000017.00000002.4207432841.00001D60024C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
Source: chrome.exe, 00000017.00000002.4207432841.00001D60024C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_defaultheel
Source: chrome.exe, 00000017.00000002.4210158134.00001D6002918000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000017.00000002.4217548970.00001D6003554000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.2277253893.00001D6002E64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.2183800270.00001D6002E64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000002.4218137838.00001D600365C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://doubleclick.net/
Source: chrome.exe, 00000017.00000002.4217548970.00001D6003554000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://doubleclick.net/Z
Source: chrome.exe, 00000017.00000002.4218137838.00001D600365C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://doubleclick.net/ps.com/
Source: chrome.exe, 00000017.00000002.4217548970.00001D6003554000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://doubleclick.net/t/
Source: chrome.exe, 00000017.00000002.4210881976.00001D60029F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?q=
Source: chrome.exe, 00000017.00000002.4210881976.00001D60029F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?q=searchTerms
Source: chrome.exe, 00000017.00000002.4210881976.00001D60029F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: InstAct.exe, 00000007.00000002.1843409932.0000000002B29000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000A.00000002.1860099028.0000000003017000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000B.00000002.1898806369.0000000002A68000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000B.00000002.1898806369.0000000002A5C000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000E.00000002.1943989651.0000000002C4C000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000F.00000002.2010871467.000000000261C000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 00000011.00000002.1938221449.000000000282C000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 00000012.00000002.1944193693.000000000292C000.00000004.00000800.00020000.00000000.sdmp, PCPrivacyShield.exe, 00000013.00000002.4194644871.0000000002F61000.00000004.00000800.00020000.00000000.sdmp, TaskTools.exe, 00000014.00000002.1998769025.0000000002FAC000.00000004.00000800.00020000.00000000.sdmp, PCPrivacyShield.exe, 00000015.00000002.2039193870.0000000003055000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dw.verifywebpro.com/api.php
Source: chrome.exe, 00000017.00000002.4204991671.00001D600221C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acccxbt6wwsvpxzpob4hojndwkqq_4.10.2830.0
Source: chrome.exe, 00000017.00000002.4204991671.00001D600221C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/cxxqn654fg7hzrcrrnqcniqqye_2024.10.11.1/
Source: chrome.exe, 00000017.00000003.3629543495.00001D6004490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
Source: chrome.exe, 00000017.00000003.2089508607.00001D6003418000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/
Source: chrome.exe, 00000017.00000003.1995885847.000053740039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2J
Source: chrome.exe, 00000017.00000003.1998628522.0000537400694000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.1998082436.0000537400684000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/gjtS
Source: chrome.exe, 00000017.00000003.1998628522.0000537400694000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.1998082436.0000537400684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.2089508607.00001D6003418000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/
Source: chrome.exe, 00000017.00000003.1995885847.000053740039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/2P
Source: chrome.exe, 00000017.00000003.1998628522.0000537400694000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.1998082436.0000537400684000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/Ena
Source: chrome.exe, 00000017.00000003.1998082436.0000537400684000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/htt
Source: chrome.exe, 00000017.00000003.2089508607.00001D6003418000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/
Source: chrome.exe, 00000017.00000003.3632211551.00001D600267C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.3624636601.00001D600267C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000002.4218728757.00001D600393C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000002.4217928603.00001D60035F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000002.4217548970.00001D6003554000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.2277253893.00001D6002E64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.2183800270.00001D6002E64000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://googletagmanager.com/
Source: chrome.exe, 00000017.00000003.2277253893.00001D6002E64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.2183800270.00001D6002E64000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://googletagmanager.com/9e3
Source: chrome.exe, 00000017.00000002.4217548970.00001D6003554000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://googletagmanager.com/O
Source: chrome.exe, 00000017.00000002.4218728757.00001D600393C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://googletagmanager.com/cy
Source: chrome.exe, 00000017.00000002.4217548970.00001D6003554000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://googletagmanager.com/f
Source: chrome.exe, 00000017.00000002.4217928603.00001D60035F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://googletagmanager.com/pH;
Source: PCPrivacyShield.exe, 00000013.00000002.4194644871.0000000002F61000.00000004.00000800.00020000.00000000.sdmp, PCPrivacyShield.exe, 00000015.00000002.2039193870.0000000003055000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://haveibeenpwned.com/
Source: InstAct.exe, 00000007.00000002.1843409932.0000000002B38000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000A.00000002.1860099028.0000000003046000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000B.00000002.1898806369.0000000002A68000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000E.00000002.1943989651.0000000002C5A000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000F.00000002.2010871467.000000000261C000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 00000011.00000002.1938221449.0000000002839000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 00000012.00000002.1944193693.000000000293C000.00000004.00000800.00020000.00000000.sdmp, PCPrivacyShield.exe, 00000013.00000002.4194644871.0000000002FC1000.00000004.00000800.00020000.00000000.sdmp, PCPrivacyShield.exe, 00000013.00000002.4194644871.0000000002F61000.00000004.00000800.00020000.00000000.sdmp, PCPrivacyShield.exe, 00000015.00000002.2039193870.0000000003055000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ids.xverify.info
Source: PCPrivacyShield.exe, 00000013.00000002.4194644871.0000000002FC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ids.xverify.info/pwnapi/api.php?useragent=PC
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/161903006
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/166809097
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/184850002
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/187425444
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/220069903
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/229267970
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/250706693
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/253522366
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/255411748
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/258207403
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/274859104
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/284462263
Source: chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/issues/166475273
Source: chrome.exe, 00000017.00000002.4210805359.00001D60029CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000002.4210989560.00001D6002A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000002.4208615088.00001D60026B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTE
Source: chrome.exe, 00000017.00000002.4210805359.00001D60029CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000002.4210989560.00001D6002A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000002.4208615088.00001D60026B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTEkly
Source: chrome.exe, 00000017.00000003.1995885847.000053740039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2
Source: chrome.exe, 00000017.00000002.4228364726.0000537400270000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000002.4229761037.0000537400770000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboard
Source: chrome.exe, 00000017.00000003.1995885847.000053740039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboard2
Source: chrome.exe, 00000017.00000002.4228364726.0000537400270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboardSt(
Source: chrome.exe, 00000017.00000002.4228364726.0000537400270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboardSt(Z
Source: chrome.exe, 00000017.00000002.4229761037.0000537400770000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboardStwY
Source: chrome.exe, 00000017.00000003.1995885847.000053740039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboardb
Source: chrome.exe, 00000017.00000002.4229761037.0000537400770000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboardhttps://labs.google.com/search/experiments
Source: chrome.exe, 00000017.00000003.1995885847.000053740039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiments
Source: chrome.exe, 00000017.00000003.1995885847.000053740039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/v3/2
Source: chrome.exe, 00000017.00000003.1999190221.00005374006E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/v3/upload
Source: chrome.exe, 00000017.00000003.1995885847.000053740039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/v3/upload2
Source: chrome.exe, 00000017.00000002.4207092071.00001D600246C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://m.google.com/devicemanagement/data/api
Source: chrome.exe, 00000017.00000002.4210158134.00001D6002918000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/?utm_source=ga-chrome-actions&utm_medium=manageGA
Source: chrome.exe, 00000017.00000002.4216062281.00001D60030E5000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000002.4213616509.00001D6002E1F000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000002.4215918809.00001D60030B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1673999601&target=OPTIMIZATION_TARGET_PAG
Source: chrome.exe, 00000017.00000003.2045300074.00001D6002934000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1678906374&target=OPTIMIZATION_TARGET_OMN
Source: chrome.exe, 00000017.00000002.4207489483.00001D60024E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.2045300074.00001D6002934000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049402&target=OPTIMIZATION_TARGET_GEO
Source: chrome.exe, 00000017.00000002.4207489483.00001D60024E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049414&target=OPTIMIZATION_TARGET_NOT
Source: chrome.exe, 00000017.00000003.2045300074.00001D6002934000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695051229&target=OPTIMIZATION_TARGET_PAG
Source: chrome.exe, 00000017.00000002.4216062281.00001D60030E5000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000002.4213616509.00001D6002E1F000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000002.4216574035.00001D60031A5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1728918159&target=OPTIMIZATION_TARGET_GEO
Source: chrome.exe, 00000017.00000002.4216062281.00001D60030E5000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000002.4213616509.00001D6002E1F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1728918182&target=OPTIMIZATION_TARGET_NOT
Source: chrome.exe, 00000017.00000002.4213616509.00001D6002E1F000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.2659613983.00001D6003134000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.3624717557.00001D6003134000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000002.4215918809.00001D60030B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1729004809&target=OPTIMIZATION_TARGET_CLI
Source: chrome.exe, 00000017.00000003.2045300074.00001D6002934000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=210230727&target=OPTIMIZATION_TARGET_CLIE
Source: chrome.exe, 00000017.00000003.2045300074.00001D6002934000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=4&target=OPTIMIZATION_TARGET_PAGE_TOPICS_
Source: chrome.exe, 00000017.00000002.4216062281.00001D60030E5000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000002.4213616509.00001D6002E1F000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000002.4216574035.00001D60031A5000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.2659613983.00001D6003134000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.3624717557.00001D6003134000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000002.4212277284.00001D6002C4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=5&target=OPTIMIZATION_TARGET_PAGE_TOPICS_
Source: chrome.exe, 00000017.00000002.4208615088.00001D60026B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/v1:GetHints
Source: chrome.exe, 00000017.00000003.2277253893.00001D6002E64000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/v1:GetModels?key=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Source: chrome.exe, 00000017.00000003.3624907200.00001D600400C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.3624717557.00001D6003134000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://payments.google.com/
Source: chrome.exe, 00000017.00000003.3629543495.00001D6004490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: chrome.exe, 00000017.00000003.3624907200.00001D600400C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.3624717557.00001D6003134000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js?
Source: chrome.exe, 00000017.00000003.3624907200.00001D600400C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.3624717557.00001D6003134000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js?7https://sandbox.google.com/payments/v4/js/
Source: PCPrivacyShield.exe, 00000015.00000002.2039193870.0000000003055000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pps.shieldappsverify.com
Source: InstAct.exe, 0000000E.00000002.1943989651.0000000002C5A000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000F.00000002.2010871467.000000000261C000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000F.00000002.2010871467.000000000260B000.00000004.00000800.00020000.00000000.sdmp, PCPrivacyShield.exe, 00000013.00000002.4194644871.0000000003E23000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pps.shieldappsverify.com/pcprivshield/pcprivshield_2.php
Source: InstAct.exe, 0000000F.00000002.2010871467.000000000260B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pps.shieldappsverify.com/pcprivshield/pcprivshield_2.phpd
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmp, InstAct.exe, 00000007.00000002.1845083152.000000000772E000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: https://pps.shieldappsverify.comzhttps://shieldapps.com/supportmain/pc-privacy-shield-support/
Source: chrome.exe, 00000017.00000002.4205508309.00001D6002278000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditing
Source: chrome.exe, 00000017.00000002.4215286674.00001D600300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.3624717557.00001D6003134000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sandbox.google.com/
Source: chrome.exe, 00000017.00000003.3624907200.00001D600400C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.3629543495.00001D6004490000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.3624717557.00001D6003134000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000074AC000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.000000000778B000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.00000000044B5000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000002.1969508218.0000000006625000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.0000000004290000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000071FD000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1767804983.00000000044B1000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000002.1931797641.00000000044B7000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1928662615.00000000044B6000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1929595718.000000000135C000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1767936999.00000000044B5000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000002.1930451926.000000000135E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sectigo.com/CPS0
Source: chrome.exe, 00000017.00000002.4216574035.00001D60031A5000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.2277253893.00001D6002E64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000002.4215918809.00001D60030B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldapps.com
Source: chrome.exe, 00000017.00000003.2183800270.00001D6002E64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.2092779925.00001D6003528000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000002.4215918809.00001D60030B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldapps.com/
Source: chrome.exe, 00000017.00000002.4212560856.00001D6002CC8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldapps.com//favicon.png
Source: chrome.exe, 00000017.00000002.4214701848.00001D6002F7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000002.4214406203.00001D6002F14000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldapps.com/90dd1f3f-be22-409e-a4ce-2fbab89593ad
Source: chrome.exe, 00000017.00000002.4214406203.00001D6002F14000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldapps.com/90dd1f3f-be22-409e-a4ce-2fbab89593ad6
Source: chrome.exe, 00000017.00000002.4214406203.00001D6002F14000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldapps.com/90dd1f3f-be22-409e-a4ce-2fbab89593ader
Source: chrome.exe, 00000017.00000002.4214406203.00001D6002F14000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldapps.com/90dd1f3f-be22-409e-a4ce-2fbab89593adgeHandler
Source: chrome.exe, 00000017.00000002.4206461158.00001D600235C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldapps.com/?p=5772
Source: chrome.exe, 00000017.00000002.4211939952.00001D6002BBC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldapps.com/J
Source: chrome.exe, 00000017.00000002.4211044615.00001D6002A2C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldapps.com/bserver
Source: chrome.exe, 00000017.00000002.4212338065.00001D6002C74000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldapps.com/erPolicy
Source: chrome.exe, 00000017.00000002.4214406203.00001D6002F14000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldapps.com/ost-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=17
Source: InstAct.exe, 0000000F.00000002.2063933765.0000000009519000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shieldapps.com/post-instal
Source: InstAct.exe, 0000000F.00000002.2010871467.00000000026C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/
Source: InstAct.exe, 0000000F.00000002.2010871467.00000000026C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?
Source: chrome.exe, 00000017.00000002.4220969629.00001D6003C19000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=1
Source: PCPrivacyShieldSetup.exe, PCPrivacyShieldSetup.exe, 00000003.00000003.1929595718.000000000135C000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000002.1930451926.000000000135E000.00000004.00000020.00020000.00000000.sdmp, InstAct.exe, 00000007.00000002.1843409932.0000000002B29000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000A.00000002.1860099028.0000000003017000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000B.00000002.1898806369.0000000002A5C000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000E.00000002.1943989651.0000000002C4C000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000F.00000002.2010871467.000000000261C000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 00000011.00000002.1938221449.000000000282C000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 00000012.00000002.1944193693.000000000292C000.00000004.00000800.00020000.00000000.sdmp, PCPrivacyShield.exe, 00000013.00000002.4194644871.0000000002F61000.00000004.00000800.00020000.00000000.sdmp, TaskTools.exe, 00000014.00000002.1998769025.0000000002FAC000.00000004.00000800.00020000.00000000.sdmp, PCPrivacyShield.exe, 00000015.00000002.2039193870.0000000003055000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldapps.com/privacy-policy/
Source: InstAct.exe, 0000000B.00000002.1898806369.0000000002A5C000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000E.00000002.1943989651.0000000002C4C000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000F.00000002.2010871467.000000000261C000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 00000011.00000002.1938221449.000000000282C000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 00000012.00000002.1944193693.000000000292C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldapps.com/privacy-policy/3https://shieldapps.com/supportmain/product_support//http://sc
Source: PCPrivacyShield.exe, 00000015.00000002.2039193870.0000000003055000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldapps.com/supportmain/pc-privacy-shield-support/
Source: InstAct.exe, 00000007.00000002.1843409932.0000000002B29000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000A.00000002.1860099028.0000000003017000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000B.00000002.1898806369.0000000002A5C000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000E.00000002.1943989651.0000000002C4C000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000F.00000002.2010871467.000000000261C000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 00000011.00000002.1938221449.000000000282C000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 00000012.00000002.1944193693.000000000292C000.00000004.00000800.00020000.00000000.sdmp, PCPrivacyShield.exe, 00000013.00000002.4194644871.0000000002F61000.00000004.00000800.00020000.00000000.sdmp, TaskTools.exe, 00000014.00000002.1998769025.0000000002FAC000.00000004.00000800.00020000.00000000.sdmp, PCPrivacyShield.exe, 00000015.00000002.2039193870.0000000003055000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldapps.com/supportmain/product_support/
Source: chrome.exe, 00000017.00000002.4217548970.00001D6003554000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldapps.com/t/
Source: chrome.exe, 00000017.00000003.2277253893.00001D6002E64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.2183800270.00001D6002E64000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldapps.com/uD
Source: chrome.exe, 00000017.00000003.2095010828.00001D60031C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000002.4215918809.00001D60030B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldapps.com/wp-content/themes/shield-apps2/js/ScrollToPlugin.min.js?ver=6.6.2
Source: chrome.exe, 00000017.00000003.2095010828.00001D60031C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldapps.com/wp-content/themes/shield-apps2/js/TweenMax.min.js?ver=6.6.2
Source: chrome.exe, 00000017.00000003.2095010828.00001D60031C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldapps.com/wp-content/themes/shield-apps2/js/bootstrap.min.js?ver=6.6.2
Source: chrome.exe, 00000017.00000002.4214406203.00001D6002F14000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldapps.com/wp-content/themes/shield-apps2/js/design.js?ver=6.6.2
Source: chrome.exe, 00000017.00000003.2095010828.00001D60031C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldapps.com/wp-content/themes/shield-apps2/js/slick.min.js?ver=6.6.2
Source: chrome.exe, 00000017.00000003.2095010828.00001D60031C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldapps.com/wp-content/uploads/2015/03/box-shieldapps-cyber-privacy1.png
Source: chrome.exe, 00000017.00000003.2095010828.00001D60031C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldapps.com/wp-content/uploads/2015/05/box-ShieldApps_Webcam_Blocker1.png
Source: chrome.exe, 00000017.00000003.2095010828.00001D60031C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldapps.com/wp-content/uploads/2015/06/box-identity-theft-preventer1.png
Source: chrome.exe, 00000017.00000003.2095010828.00001D60031C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldapps.com/wp-content/uploads/2016/03/box-ransomware-defender1.png
Source: chrome.exe, 00000017.00000003.2095010828.00001D60031C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldapps.com/wp-content/uploads/2020/03/box-vpn1.png
Source: chrome.exe, 00000017.00000003.2095010828.00001D60031C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldapps.com/wp-content/uploads/2022/10/box-shield-antivirus1.png
Source: chrome.exe, 00000017.00000002.4206461158.00001D600235C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldapps.com/wp-json/
Source: chrome.exe, 00000017.00000002.4206461158.00001D600235C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldapps.com/wp-json/wp/v2/pages/5772
Source: chrome.exe, 00000017.00000003.2066240499.00001D6002E80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000002.4206461158.00001D600235C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldapps.com/xmlrpc.php
Source: chrome.exe, 00000017.00000003.2066240499.00001D6002E80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000002.4206461158.00001D600235C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldapps.com/xmlrpc.phpLink:
Source: chrome.exe, 00000017.00000002.4216574035.00001D60031A5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldapps.com0
Source: chrome.exe, 00000017.00000002.4211044615.00001D6002A2C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldapps.com:443
Source: chrome.exe, 00000017.00000002.4212397476.00001D6002C98000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldapps.comHX
Source: chrome.exe, 00000017.00000002.4216574035.00001D60031A5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldapps.comh
Source: chrome.exe, 00000017.00000002.4210805359.00001D60029CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000002.4210989560.00001D6002A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000002.4208615088.00001D60026B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000017.00000002.4210805359.00001D60029CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000002.4210989560.00001D6002A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000002.4208615088.00001D60026B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actionsactions
Source: PCPrivacyShield.exe, 00000013.00000002.4194644871.0000000003DD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: PCPrivacyShield.exe, 00000013.00000002.4194644871.0000000003DD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://system.data.sqlite.org/
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmp, InstAct.exe, 00000011.00000002.1939151292.0000000005E22000.00000002.00000001.01000000.00000012.sdmp, PCPrivacyShield.exe, 00000015.00000002.2039193870.0000000003102000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://taskscheduler.codeplex.com/
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmp, InstAct.exe, 00000011.00000002.1939481330.0000000005E6A000.00000002.00000001.01000000.00000012.sdmp, PCPrivacyShield.exe, 00000015.00000002.2039193870.0000000003102000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://taskscheduler.codeplex.com/H&
Source: chrome.exe, 00000017.00000002.4218137838.00001D600365C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://td.doubleclick.net/
Source: chrome.exe, 00000017.00000002.4211891400.00001D6002BAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000002.4207489483.00001D60024E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://td.doubleclick.net/td/ga/rul?tid=G-V0DL3XBK82&gacid=1954789622.1730307161&gtm=45Pe4as0v89616
Source: InstAct.exe, 00000007.00000002.1843409932.0000000002B38000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000A.00000002.1860099028.0000000003046000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000B.00000002.1898806369.0000000002A68000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000E.00000002.1943989651.0000000002C5A000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000F.00000002.2010871467.000000000261C000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 00000011.00000002.1938221449.0000000002839000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 00000012.00000002.1944193693.000000000293C000.00000004.00000800.00020000.00000000.sdmp, PCPrivacyShield.exe, 00000013.00000002.4194644871.0000000002F61000.00000004.00000800.00020000.00000000.sdmp, PCPrivacyShield.exe, 00000015.00000002.2039193870.0000000003055000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://testurl.com
Source: InstAct.exe, 00000007.00000002.1843409932.0000000002B38000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000A.00000002.1860099028.0000000003046000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000B.00000002.1898806369.0000000002A68000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000E.00000002.1943989651.0000000002C5A000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000F.00000002.2010871467.000000000261C000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 00000011.00000002.1938221449.0000000002839000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 00000012.00000002.1944193693.000000000293C000.00000004.00000800.00020000.00000000.sdmp, PCPrivacyShield.exe, 00000013.00000002.4194644871.0000000002F61000.00000004.00000800.00020000.00000000.sdmp, PCPrivacyShield.exe, 00000015.00000002.2039193870.0000000003055000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://testurl.comPMDoEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECLBOkl9
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShield.exe, 00000013.00000000.1931383015.0000000000482000.00000002.00000001.01000000.00000013.sdmpString found in binary or memory: https://trello.com/c/VusdVdfd/345-add-red
Source: chrome.exe, 00000017.00000003.3629543495.00001D6004490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www-googleapis-staging.sandbox.google.com
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.00000000044B5000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.0000000004290000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1961456996.0000000001405000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.advancedinstaller.com
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
Source: chrome.exe, 00000017.00000003.3632211551.00001D600267C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.3624636601.00001D600267C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.2045196020.00001D600267C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.2097804706.00001D600267C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
Source: chrome.exe, 00000017.00000002.4213566147.00001D6002E0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com;report-uri
Source: chrome.exe, 00000017.00000003.2043258407.00001D6002E98000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
Source: chrome.exe, 00000017.00000003.3624907200.00001D600400C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.3624717557.00001D6003134000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/$
Source: chrome.exe, 00000017.00000003.3629543495.00001D6004490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/accounts/OAuthLogin?issueuberauth=1
Source: chrome.exe, 00000017.00000002.4215918809.00001D60030B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/dl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_thi
Source: chrome.exe, 00000017.00000002.4210158134.00001D6002918000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: chrome.exe, 00000017.00000003.3629543495.00001D6004490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/cleardot.gif
Source: chrome.exe, 00000017.00000003.3629543495.00001D6004490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/dot2.gif
Source: chrome.exe, 00000017.00000003.3629543495.00001D6004490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/x2.gif
Source: chrome.exe, 00000017.00000002.4208615088.00001D60026B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/tools/feedback/chrome/__submit
Source: chrome.exe, 00000017.00000003.3629543495.00001D6004490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com
Source: chrome.exe, 00000017.00000003.3624717557.00001D6003134000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/
Source: chrome.exe, 00000017.00000002.4212560856.00001D6002CC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.3624907200.00001D600400C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.3624717557.00001D6003134000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: chrome.exe, 00000017.00000003.3624907200.00001D600400C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.3624717557.00001D6003134000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: chrome.exe, 00000017.00000003.2089508607.00001D6003418000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager
Source: chrome.exe, 00000017.00000002.4212560856.00001D6002CC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.3624907200.00001D600400C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000002.4217004943.00001D6003354000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.3624717557.00001D6003134000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/sierra
Source: chrome.exe, 00000017.00000003.3624907200.00001D600400C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.3624717557.00001D6003134000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/sierra5-https://www.googleapis.com/auth/sierrasandbox6.https://www.g
Source: chrome.exe, 00000017.00000002.4212560856.00001D6002CC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.3624907200.00001D600400C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.3624717557.00001D6003134000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: chrome.exe, 00000017.00000002.4212397476.00001D6002C98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000002.4213566147.00001D6002E0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com
Source: chrome.exe, 00000017.00000002.4216574035.00001D60031A5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com/
Source: chrome.exe, 00000017.00000002.4211939952.00001D6002BBC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com/gtag/js?id=GT-M38DBR2
Source: chrome.exe, 00000017.00000002.4216574035.00001D60031A5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com/static/service_worker/4al0/sw.js?origin=https%3A%2F%2Fshieldapps.co
Source: chrome.exe, 00000017.00000002.4216574035.00001D60031A5000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000002.4215918809.00001D60030B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com/static/service_worker/4al0/sw_iframe.html?origin=https%3A%2F%2Fshie
Source: chrome.exe, 00000017.00000002.4212397476.00001D6002C98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000002.4215918809.00001D60030B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.comHX
Source: chrome.exe, 00000017.00000002.4213566147.00001D6002E0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com
Source: chrome.exe, 00000017.00000002.4208615088.00001D60026B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_
Source: PCPrivacyShield.exe, 00000013.00000002.4194644871.0000000003DD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: PCPrivacyShield.exe, 00000013.00000002.4194644871.0000000003DD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: InstAct.exe, 0000000B.00000002.1902083448.000000000C6A2000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShield.exe, 00000015.00000002.2039193870.000000000313A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.sqlite.org/copyright.html2
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.00000000044B5000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.0000000004290000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1961456996.0000000001405000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.thawte.com/cps0/
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.00000000044B5000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.0000000004290000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1961456996.0000000001405000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.thawte.com/repository0W
Source: chrome.exe, 00000017.00000002.4207432841.00001D60024C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49865
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49986
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
Source: unknownNetwork traffic detected: HTTP traffic on port 49817 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49864
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49985
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49863
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49984
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49862
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49983
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49861
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49982
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49860
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49981
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49980
Source: unknownNetwork traffic detected: HTTP traffic on port 49932 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49898 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49875 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49852 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49990 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49859
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49858
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49979
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49857
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49978
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49856
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49977
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49855
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49976
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
Source: unknownNetwork traffic detected: HTTP traffic on port 49841 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49854
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49975
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49853
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49974
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49852
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49973
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49851
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49972
Source: unknownNetwork traffic detected: HTTP traffic on port 50039 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49850
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49971
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49970
Source: unknownNetwork traffic detected: HTTP traffic on port 49967 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50004 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49909 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49806 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49943 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49849
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49848
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49969
Source: unknownNetwork traffic detected: HTTP traffic on port 49978 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49847
Source: unknownNetwork traffic detected: HTTP traffic on port 49886 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49968
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49846
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49967
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49845
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49966
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49844
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49965
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49843
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49964
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49842
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49963
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49841
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49962
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49840
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49961
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49960
Source: unknownNetwork traffic detected: HTTP traffic on port 50015 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50040 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49966 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49989 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49828 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49933 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50028 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49839
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49838
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49959
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49837
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49958
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49836
Source: unknownNetwork traffic detected: HTTP traffic on port 49921 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49957
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49835
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49956
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49834
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49955
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49833
Source: unknownNetwork traffic detected: HTTP traffic on port 49887 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49954
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49832
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49953
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49831
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49952
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49830
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49951
Source: unknownNetwork traffic detected: HTTP traffic on port 49839 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49864 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49950
Source: unknownNetwork traffic detected: HTTP traffic on port 49944 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49910 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49853 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50051 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49955 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49829
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49828
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49949
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49827
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49948
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49826
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49947
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49825
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49946
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49824
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49945
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49823
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49944
Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49822
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49943
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
Source: unknownNetwork traffic detected: HTTP traffic on port 49922 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49945 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
Source: unknownNetwork traffic detected: HTTP traffic on port 50017 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
Source: unknownNetwork traffic detected: HTTP traffic on port 49968 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50049 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50026 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49980 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
Source: unknownNetwork traffic detected: HTTP traffic on port 49885 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49899
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49898
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49897
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49896
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49895
Source: unknownNetwork traffic detected: HTTP traffic on port 49862 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49894
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49893
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49892
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49891
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49890
Source: unknownNetwork traffic detected: HTTP traffic on port 49897 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49911 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49957 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49851 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49991 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49889
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49888
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49887
Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49886
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49885
Source: unknownNetwork traffic detected: HTTP traffic on port 49863 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49884
Source: unknownNetwork traffic detected: HTTP traffic on port 50038 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49883
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49882
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49881
Source: unknownNetwork traffic detected: HTTP traffic on port 49840 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49880
Source: unknownNetwork traffic detected: HTTP traffic on port 49896 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50050 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49956 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50005 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49979 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49879
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49878
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49999
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49877
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49998
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49876
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49875
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49996
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49874
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49995
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49873
Source: unknownNetwork traffic detected: HTTP traffic on port 49923 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49994
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49872
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49993
Source: unknownNetwork traffic detected: HTTP traffic on port 50016 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49871
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49992
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49870
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49991
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49990
Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49874 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49934 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50027 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49869
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49868
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49989
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49867
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49988
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49866
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49987
Source: unknownNetwork traffic detected: HTTP traffic on port 50013 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50036 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49672 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49906 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49849 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49900 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49975 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49929 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49872 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50025 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49964 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49861 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49999 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49918 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49873 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50001 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49986 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49963 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50007
Source: unknownNetwork traffic detected: HTTP traffic on port 50037 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50006
Source: unknownNetwork traffic detected: HTTP traffic on port 50012 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50009
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50008
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
Source: unknownNetwork traffic detected: HTTP traffic on port 49952 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50001
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50000
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50003
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50002
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50005
Source: unknownNetwork traffic detected: HTTP traffic on port 49895 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50004
Source: unknownNetwork traffic detected: HTTP traffic on port 50048 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49884 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49907 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49941 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49859 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49871 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49894 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50003 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49965 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49942 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49977 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50035 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49919 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49954 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50014 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49988 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50046 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49882 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49976 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49953 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50047 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49908 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50024 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49883 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49860 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49998 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49931 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50002 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49987 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49920 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49926 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49949 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50054
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50053
Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50055
Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50057
Source: unknownNetwork traffic detected: HTTP traffic on port 49961 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49984 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50022 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50045 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49881 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49950 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49996 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50010 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49812 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49858 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49893 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49915 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49823 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49869 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50009 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50034 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49972 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49834 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50057 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49892 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49904 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49847 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49927 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49822 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49870 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49983 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49938 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50023 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49811 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50018
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50017
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50019
Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49951 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49974 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50032 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50010
Source: unknownNetwork traffic detected: HTTP traffic on port 49836 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49916 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50012
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50011
Source: unknownNetwork traffic detected: HTTP traffic on port 50055 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50014
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50013
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50016
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50015
Source: unknownNetwork traffic detected: HTTP traffic on port 49939 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49845 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49868 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50029
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50028
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50021
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50020
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50023
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50022
Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50025
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50024
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50027
Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49879 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50026
Source: unknownNetwork traffic detected: HTTP traffic on port 49985 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50000 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50021 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50030
Source: unknownNetwork traffic detected: HTTP traffic on port 49905 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50039
Source: unknownNetwork traffic detected: HTTP traffic on port 49995 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50011 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49928 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50032
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50031
Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49857 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50034
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50033
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50036
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50035
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50038
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50037
Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49940 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49824 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50041
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50040
Source: unknownNetwork traffic detected: HTTP traffic on port 49973 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49891 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50033 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50043
Source: unknownNetwork traffic detected: HTTP traffic on port 49835 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49917 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50042
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50045
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50044
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50047
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50046
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50049
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50048
Source: unknownNetwork traffic detected: HTTP traffic on port 49880 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50050
Source: unknownNetwork traffic detected: HTTP traffic on port 49962 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50052
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50051
Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50044 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49846 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49890 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49970 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50042 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50007 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49878 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49912 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49935 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49958 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49889 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49866 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49820 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49946 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50018 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49855 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50053 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49981 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49901 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49924 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49844 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49947 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50031 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49992 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50043 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49969 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49994 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50020 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50054 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49856 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49913 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50006 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49867 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49821
Source: unknownNetwork traffic detected: HTTP traffic on port 49865 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49942
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49820
Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49941
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49940
Source: unknownNetwork traffic detected: HTTP traffic on port 50052 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49833 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49939
Source: unknownHTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknownHTTPS traffic detected: 149.210.194.253:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknownHTTPS traffic detected: 149.210.194.253:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknownHTTPS traffic detected: 149.210.194.253:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknownHTTPS traffic detected: 149.210.194.253:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknownHTTPS traffic detected: 2.19.244.127:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknownHTTPS traffic detected: 2.19.244.127:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknownHTTPS traffic detected: 173.222.162.32:443 -> 192.168.2.4:49779 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.4:49783 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.246.64:443 -> 192.168.2.4:49786 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.246.64:443 -> 192.168.2.4:49843 version: TLS 1.2
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00CBBCC0 SendMessageW,GetParent,GetParent,GetWindowRect,GetParent,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,MapWindowPoints,FillRect,DeleteDC,SendMessageW,SendMessageW,SendMessageW,0_2_00CBBCC0

System Summary

barindex
PE file contains section with special chars
Source: Armt.exe.0.drStatic PE information: section name: nI7-I
Source: DecryptTool.exe.0.drStatic PE information: section name: nI7-I
Source: DecryptTool.exe0.0.drStatic PE information: section name: Hhex%(F
Source: InstAct.exe.0.drStatic PE information: section name: Hhex%(F
Source: PCPrivacyShield.exe.0.drStatic PE information: section name: nI7-I
Source: schedc10.exe.0.drStatic PE information: section name: Hhex%(F
Source: TaskTools.exe.0.drStatic PE information: section name: nI7-I
Source: trialnotification.exe.0.drStatic PE information: section name: nI7-I
Source: CaByp.dll.0.drStatic PE information: section name: Hhex%(F
PE file has nameless sections
Source: Armt.exe.0.drStatic PE information: section name:
Source: DecryptTool.exe0.0.drStatic PE information: section name:
Source: InstAct.exe.0.drStatic PE information: section name:
Source: PCPrivacyShield.exe.0.drStatic PE information: section name:
Source: schedc10.exe.0.drStatic PE information: section name:
Source: TaskTools.exe.0.drStatic PE information: section name:
Source: trialnotification.exe.0.drStatic PE information: section name:
Source: CaByp.dll.0.drStatic PE information: section name:
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeProcess Stats: CPU usage > 49%
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00C9A630 GetSystemDirectoryW,LoadLibraryExW,NtdllDefWindowProc_W,GetSysColor,0_2_00C9A630
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00C340A0 GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,0_2_00C340A0
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00BD8280 NtdllDefWindowProc_W,0_2_00BD8280
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00BE8270 NtdllDefWindowProc_W,0_2_00BE8270
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00BD5580 SysFreeString,SysAllocString,GetWindowLongW,GetWindowLongW,GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,GetWindowLongW,GetWindowTextLengthW,SetWindowTextW,GlobalAlloc,GlobalLock,GlobalUnlock,SetWindowLongW,SysFreeString,NtdllDefWindowProc_W,SysFreeString,0_2_00BD5580
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00BD8840 NtdllDefWindowProc_W,0_2_00BD8840
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00BD5BE0 NtdllDefWindowProc_W,GetSysColor,0_2_00BD5BE0
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00BD7B50 GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,DestroyWindow,0_2_00BD7B50
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00BE2C90 KillTimer,GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,DeleteCriticalSection,0_2_00BE2C90
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00BF5D40 NtdllDefWindowProc_W,0_2_00BF5D40
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00BDEE70 NtdllDefWindowProc_W,0_2_00BDEE70
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00BD4E60 GetWindowLongW,GetWindowLongW,GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,GetWindowLongW,GetWindowTextLengthW,SetWindowTextW,GlobalAlloc,GlobalLock,GlobalUnlock,SetWindowLongW,NtdllDefWindowProc_W,0_2_00BD4E60
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00BDEFE0 IsWindow,GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,0_2_00BDEFE0
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00C7EF50 NtdllDefWindowProc_W,0_2_00C7EF50
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 3_2_00C9A630 GetSystemDirectoryW,LoadLibraryExW,NtdllDefWindowProc_W,3_2_00C9A630
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 3_2_00C340A0 NtdllDefWindowProc_W,3_2_00C340A0
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 3_2_00BD8280 NtdllDefWindowProc_W,3_2_00BD8280
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 3_2_00BE8270 NtdllDefWindowProc_W,3_2_00BE8270
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 3_2_00BD5580 SysFreeString,NtdllDefWindowProc_W,GlobalAlloc,GlobalLock,GlobalUnlock,SysFreeString,NtdllDefWindowProc_W,SysFreeString,3_2_00BD5580
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 3_2_00BD8840 NtdllDefWindowProc_W,3_2_00BD8840
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 3_2_00BD5BE0 NtdllDefWindowProc_W,3_2_00BD5BE0
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 3_2_00BD7B50 NtdllDefWindowProc_W,3_2_00BD7B50
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 3_2_00BE2C90 NtdllDefWindowProc_W,DeleteCriticalSection,3_2_00BE2C90
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 3_2_00BF5D40 NtdllDefWindowProc_W,3_2_00BF5D40
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 3_2_00BD4EB7 NtdllDefWindowProc_W,GlobalAlloc,GlobalLock,GlobalUnlock,NtdllDefWindowProc_W,3_2_00BD4EB7
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 3_2_00BDEE70 NtdllDefWindowProc_W,3_2_00BDEE70
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 3_2_00BD4FF5 NtdllDefWindowProc_W,3_2_00BD4FF5
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 3_2_00BDEFE0 NtdllDefWindowProc_W,3_2_00BDEFE0
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 3_2_00C7EF50 NtdllDefWindowProc_W,3_2_00C7EF50
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\6fd11f.msiJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID2E4.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID362.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID3A1.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID3D1.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID411.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID441.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID4AF.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\inprogressinstallinfo.ipiJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\SourceHash{AFBC5F3E-A4BA-45F5-AD51-E866312F779E}Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID6A4.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID84B.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID86B.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID966.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIDAFD.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIDB5C.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{AFBC5F3E-A4BA-45F5-AD51-E866312F779E}Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{AFBC5F3E-A4BA-45F5-AD51-E866312F779E}\icon_1.exeJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{AFBC5F3E-A4BA-45F5-AD51-E866312F779E}\SystemFoldermsiexec.exeJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE485.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\6fd121.msiJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\6fd121.msiJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI6B4.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI703.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\MSID2E4.tmpJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00D027F00_2_00D027F0
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00D768400_2_00D76840
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00D779000_2_00D77900
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00DA00400_2_00DA0040
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00BE90230_2_00BE9023
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00BE11B00_2_00BE11B0
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00CC11300_2_00CC1130
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00DB328A0_2_00DB328A
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00BEE2300_2_00BEE230
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00BF73A00_2_00BF73A0
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00DA839A0_2_00DA839A
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00BEC3630_2_00BEC363
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00BF84B00_2_00BF84B0
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00CBC4500_2_00CBC450
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00BDF4200_2_00BDF420
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00C375000_2_00C37500
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00BE96500_2_00BE9650
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00BFB7200_2_00BFB720
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00BC47720_2_00BC4772
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00BC74800_2_00BC7480
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00BEF9F00_2_00BEF9F0
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00CE29A00_2_00CE29A0
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00CEEAF00_2_00CEEAF0
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00D98A2C0_2_00D98A2C
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00BE4B300_2_00BE4B30
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00CF3B500_2_00CF3B50
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00BEBC610_2_00BEBC61
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00BC2EA00_2_00BC2EA0
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00DAAEF10_2_00DAAEF1
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00BE8E200_2_00BE8E20
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00DACE190_2_00DACE19
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00D35F000_2_00D35F00
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 3_3_0135CF3A3_3_0135CF3A
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 3_3_0136CEC93_3_0136CEC9
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 3_2_00BEE2303_2_00BEE230
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 3_2_00BF73A03_2_00BF73A0
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 3_2_00BF84B03_2_00BF84B0
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 3_2_00CBC4503_2_00CBC450
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 3_2_00BDF4203_2_00BDF420
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 3_2_00C375003_2_00C37500
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 3_2_00BFC6003_2_00BFC600
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 3_2_00BE96503_2_00BE9650
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 3_2_00BFB7BE3_2_00BFB7BE
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 3_2_00BC47723_2_00BC4772
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 3_2_00BC74803_2_00BC7480
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 3_2_00BEF9F03_2_00BEF9F0
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 3_2_00BE4B303_2_00BE4B30
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 3_2_00BEBC613_2_00BEBC61
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 3_2_00CDBDB03_2_00CDBDB0
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 3_2_00BC2EA03_2_00BC2EA0
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 3_2_00DAAEF13_2_00DAAEF1
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 3_2_00BE8E203_2_00BE8E20
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 3_2_00DACE193_2_00DACE19
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 3_2_00D35F003_2_00D35F00
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010AD9587_2_010AD958
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A19B87_2_010A19B8
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A6AB87_2_010A6AB8
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A2D307_2_010A2D30
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A95A87_2_010A95A8
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A44A97_2_010A44A9
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A7E307_2_010A7E30
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A291F7_2_010A291F
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A195A7_2_010A195A
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A29A87_2_010A29A8
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A41A17_2_010A41A1
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A41B07_2_010A41B0
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A69C77_2_010A69C7
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010AE1F87_2_010AE1F8
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A68227_2_010A6822
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A684D7_2_010A684D
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A68837_2_010A6883
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A28A47_2_010A28A4
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A18C77_2_010A18C7
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A08D77_2_010A08D7
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A68E07_2_010A68E0
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A13477_2_010A1347
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A137D7_2_010A137D
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A139D7_2_010A139D
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A63EB7_2_010A63EB
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A2BF97_2_010A2BF9
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A6A5A7_2_010A6A5A
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A5A807_2_010A5A80
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A92AA7_2_010A92AA
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A92B07_2_010A92B0
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A2AD27_2_010A2AD2
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A12EB7_2_010A12EB
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A15267_2_010A1526
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A154F7_2_010A154F
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A157B7_2_010A157B
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010AFD887_2_010AFD88
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A65837_2_010A6583
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A759A7_2_010A759A
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A25AC7_2_010A25AC
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A65C47_2_010A65C4
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A65FA7_2_010A65FA
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A64477_2_010A6447
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A647D7_2_010A647D
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A14837_2_010A1483
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A249A7_2_010A249A
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A649D7_2_010A649D
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A24C67_2_010A24C6
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A14C47_2_010A14C4
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A14FA7_2_010A14FA
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010AECF87_2_010AECF8
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A67187_2_010A6718
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A17227_2_010A1722
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A174D7_2_010A174D
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A87797_2_010A8779
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A67727_2_010A6772
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A17837_2_010A1783
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A87807_2_010A8780
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A27847_2_010A2784
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A17E07_2_010A17E0
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A97E07_2_010A97E0
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A67E77_2_010A67E7
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A16187_2_010A1618
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A66267_2_010A6626
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A664F7_2_010A664F
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A667B7_2_010A667B
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A16727_2_010A1672
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A36707_2_010A3670
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A36807_2_010A3680
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A16E77_2_010A16E7
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_010A26FD7_2_010A26FD
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_02943EB07_2_02943EB0
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_029414F87_2_029414F8
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_029428707_2_02942870
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_02945CB07_2_02945CB0
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_02943EA07_2_02943EA0
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_02945CA97_2_02945CA9
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_029404D77_2_029404D7
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_029414D27_2_029414D2
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_029422C47_2_029422C4
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_02943CF07_2_02943CF0
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_02943CE27_2_02943CE2
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_029420EC7_2_029420EC
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_029424E87_2_029424E8
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_029426127_2_02942612
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_029420067_2_02942006
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_029468347_2_02946834
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_0294223D7_2_0294223D
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_02946A297_2_02946A29
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_0294245F7_2_0294245F
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_029431B07_2_029431B0
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_02941FDA7_2_02941FDA
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_029431C07_2_029431C0
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_029423E47_2_029423E4
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_02943FE87_2_02943FE8
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 7_2_029427397_2_02942739
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_02EA6AC010_2_02EA6AC0
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_02EA19B810_2_02EA19B8
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_02EAD98010_2_02EAD980
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_02EA7E3810_2_02EA7E38
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_02EA44A910_2_02EA44A9
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_02EA95B010_2_02EA95B0
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_02EA2D3010_2_02EA2D30
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_02EA92A810_2_02EA92A8
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_02EA92B810_2_02EA92B8
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_02EA6AB110_2_02EA6AB1
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_02EA5A9F10_2_02EA5A9F
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_02EAF22010_2_02EAF220
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_02EAE22010_2_02EAE220
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_02EA436110_2_02EA4361
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_02EA437010_2_02EA4370
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_02EA08D710_2_02EA08D7
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_02EA19A110_2_02EA19A1
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_02EA41A110_2_02EA41A1
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_02EA41B010_2_02EA41B0
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_02EA368010_2_02EA3680
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_02EA367010_2_02EA3670
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_02EA7E2910_2_02EA7E29
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_02EAF60010_2_02EAF600
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_02EA878810_2_02EA8788
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_02EA877810_2_02EA8778
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_02EA946810_2_02EA9468
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_02EA947810_2_02EA9478
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_02EAFDC810_2_02EAFDC8
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_02EA859010_2_02EA8590
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_02EAED2010_2_02EAED20
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_02EA2D2010_2_02EA2D20
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_07CC3FE810_2_07CC3FE8
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_07CC14F810_2_07CC14F8
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_07CC639010_2_07CC6390
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_07CC809810_2_07CC8098
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_07CC287010_2_07CC2870
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_07CC681D10_2_07CC681D
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_07CC27EF10_2_07CC27EF
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_07CC27E110_2_07CC27E1
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_07CC6FAF10_2_07CC6FAF
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_07CC6FA610_2_07CC6FA6
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_07CC666E10_2_07CC666E
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_07CC666210_2_07CC6662
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_07CC5E0010_2_07CC5E00
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_07CC6E2D10_2_07CC6E2D
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_07CC6E3610_2_07CC6E36
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_07CC5DF110_2_07CC5DF1
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_07CC14D910_2_07CC14D9
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_07CC04D710_2_07CC04D7
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_07CC3CE310_2_07CC3CE3
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_07CC3CF010_2_07CC3CF0
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_07CC14A510_2_07CC14A5
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_07CC64A710_2_07CC64A7
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_07CC6CBB10_2_07CC6CBB
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_07CC6CB210_2_07CC6CB2
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_07CC64B310_2_07CC64B3
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_07CC6B4110_2_07CC6B41
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_07CC6B3810_2_07CC6B38
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_07CC728610_2_07CC7286
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_07CC727D10_2_07CC727D
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_07CC31C010_2_07CC31C0
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_07CC699710_2_07CC6997
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_07CC69A310_2_07CC69A3
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_07CC31B010_2_07CC31B0
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_07CC710C10_2_07CC710C
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_07CC710310_2_07CC7103
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_07CC809310_2_07CC8093
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_07CC682610_2_07CC6826
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 10_2_07CC606410_2_07CC6064
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_0C6A970611_2_0C6A9706
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_0C6A9C0511_2_0C6A9C05
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F119B811_2_00F119B8
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F1D98011_2_00F1D980
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F16AC011_2_00F16AC0
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F1437011_2_00F14370
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F1947811_2_00F19478
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F11DF711_2_00F11DF7
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F12D3011_2_00F12D30
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F16EFF11_2_00F16EFF
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F17E3811_2_00F17E38
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F168E811_2_00F168E8
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F108D711_2_00F108D7
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F118C711_2_00F118C7
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F128A411_2_00F128A4
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F1688B11_2_00F1688B
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F1685511_2_00F16855
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F1682A11_2_00F1682A
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F169CF11_2_00F169CF
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F141B011_2_00F141B0
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F141A111_2_00F141A1
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F129A811_2_00F129A8
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F1291F11_2_00F1291F
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F112EB11_2_00F112EB
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F12AD211_2_00F12AD2
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F16AB011_2_00F16AB0
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F192B811_2_00F192B8
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F192A811_2_00F192A8
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F15A8811_2_00F15A88
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F1E22011_2_00F1E220
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F163F311_2_00F163F3
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F12BF911_2_00F12BF9
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F1139D11_2_00F1139D
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F1137D11_2_00F1137D
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F1436111_2_00F14361
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F1134711_2_00F11347
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F114FA11_2_00F114FA
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F114C411_2_00F114C4
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F124C611_2_00F124C6
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F164A511_2_00F164A5
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F1249A11_2_00F1249A
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F1148311_2_00F11483
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F1648511_2_00F16485
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F1348911_2_00F13489
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F1946811_2_00F19468
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F1644F11_2_00F1644F
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F1EC1811_2_00F1EC18
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F17DC211_2_00F17DC2
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F165CC11_2_00F165CC
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F195B011_2_00F195B0
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F125AC11_2_00F125AC
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F1859011_2_00F18590
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F1658B11_2_00F1658B
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F1157B11_2_00F1157B
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F1154F11_2_00F1154F
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F12D2011_2_00F12D20
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F1152611_2_00F11526
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F126FD11_2_00F126FD
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F116E711_2_00F116E7
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F1368011_2_00F13680
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F1668311_2_00F16683
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F1167211_2_00F11672
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F1665711_2_00F16657
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F1662E11_2_00F1662E
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F1161811_2_00F11618
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F1660211_2_00F16602
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F117E011_2_00F117E0
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F167EF11_2_00F167EF
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F1178311_2_00F11783
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F1278411_2_00F12784
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F1878811_2_00F18788
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F1877811_2_00F18778
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F1677A11_2_00F1677A
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F1174D11_2_00F1174D
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F1672011_2_00F16720
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_00F1172211_2_00F11722
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_0117631011_2_01176310
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_011714F811_2_011714F8
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_011776BD11_2_011776BD
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_0117893811_2_01178938
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_011799D011_2_011799D0
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_0117287011_2_01172870
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_01172E8811_2_01172E88
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_0117115811_2_01171158
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_011711B211_2_011711B2
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_011731A811_2_011731A8
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_011741C811_2_011741C8
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_0117200611_2_01172006
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_0117100411_2_01171004
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_0117103A11_2_0117103A
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_0117106611_2_01171066
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_0117409011_2_01174090
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_0117408011_2_01174080
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_0117108F11_2_0117108F
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_011710BB11_2_011710BB
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_011720EC11_2_011720EC
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_0117132011_2_01171320
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_0117339111_2_01173391
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_011733A011_2_011733A0
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_011723E411_2_011723E4
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_0117223D11_2_0117223D
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_0117122711_2_01171227
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_0117126211_2_01171262
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_0117128D11_2_0117128D
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_011722C411_2_011722C4
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_011712C311_2_011712C3
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_011762FF11_2_011762FF
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_0117140711_2_01171407
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_0117645711_2_01176457
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_0117245F11_2_0117245F
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_011704D711_2_011704D7
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_011724E811_2_011724E8
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_0117273911_2_01172739
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_0117261211_2_01172612
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_0117894811_2_01178948
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_01179AB611_2_01179AB6
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_01179C0B11_2_01179C0B
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_01175C6411_2_01175C64
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_01171FDA11_2_01171FDA
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_01170FC311_2_01170FC3
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_01170E2B11_2_01170E2B
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_01170E8711_2_01170E87
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_01170EBD11_2_01170EBD
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_01173ED011_2_01173ED0
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_01170EDD11_2_01170EDD
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_01173EC211_2_01173EC2
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_01175EC011_2_01175EC0
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_01179EF011_2_01179EF0
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_0CDD741811_2_0CDD7418
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_0CDF04C011_2_0CDF04C0
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_0CDF004011_2_0CDF0040
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 11_2_0CDF000711_2_0CDF0007
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_04CC14F814_2_04CC14F8
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_04CC601814_2_04CC6018
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_04CC41D314_2_04CC41D3
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_04CCC19014_2_04CCC190
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_04CC2A5814_2_04CC2A58
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_04CCBBC814_2_04CCBBC8
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_04CC1BF814_2_04CC1BF8
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_04CC04D714_2_04CC04D7
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_04CC140714_2_04CC1407
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_04CC108F14_2_04CC108F
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_04CC408B14_2_04CC408B
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_04CC409814_2_04CC4098
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_04CC10BB14_2_04CC10BB
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_04CC106614_2_04CC1066
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_04CC600B14_2_04CC600B
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_04CC100414_2_04CC1004
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_04CC103A14_2_04CC103A
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_04CC11B214_2_04CC11B2
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_04CC115814_2_04CC1158
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_04CC12C314_2_04CC12C3
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_04CC128D14_2_04CC128D
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_04CC126214_2_04CC1262
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_04CC327614_2_04CC3276
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_04CC122714_2_04CC1227
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_04CC33A814_2_04CC33A8
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_04CC33A314_2_04CC33A3
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_04CC132014_2_04CC1320
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_04CC0EDD14_2_04CC0EDD
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_04CC3ED814_2_04CC3ED8
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_04CC3ED314_2_04CC3ED3
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_04CC0E8714_2_04CC0E87
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_04CC0EBD14_2_04CC0EBD
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_04CC0E2B14_2_04CC0E2B
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_04CC0FC314_2_04CC0FC3
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_04CC2A5614_2_04CC2A56
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_051595B214_2_051595B2
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_051544A914_2_051544A9
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_05152D3014_2_05152D30
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_05157E3014_2_05157E30
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_0515D96014_2_0515D960
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_051519B814_2_051519B8
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_05156AB814_2_05156AB8
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_0515658314_2_05156583
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_051565C414_2_051565C4
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_051565FA14_2_051565FA
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_0515644714_2_05156447
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_0515647D14_2_0515647D
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_0515649D14_2_0515649D
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_0515671814_2_05156718
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_0515877014_2_05158770
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_0515677214_2_05156772
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_0515878014_2_05158780
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_051567E714_2_051567E7
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_0515662614_2_05156626
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_0515664F14_2_0515664F
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_0515367014_2_05153670
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_0515667B14_2_0515667B
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_0515368014_2_05153680
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_051541B014_2_051541B0
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_051541A114_2_051541A1
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_051563EB14_2_051563EB
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_0515E20014_2_0515E200
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_051592B014_2_051592B0
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_051592AA14_2_051592AA
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_05152D0114_2_05152D01
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_0515ED0014_2_0515ED00
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_05157D4314_2_05157D43
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_05157DDA14_2_05157DDA
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_05152C8E14_2_05152C8E
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_0515196614_2_05151966
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_051519A114_2_051519A1
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_051569C714_2_051569C7
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_0515682214_2_05156822
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_0515684D14_2_0515684D
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_0515688314_2_05156883
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_051508D714_2_051508D7
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_051568E014_2_051568E0
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeCode function: 14_2_05155A9714_2_05155A97
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: String function: 00CD9DE0 appears 56 times
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: String function: 00D8D922 appears 38 times
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: String function: 00DA9AAD appears 34 times
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: String function: 00BC8190 appears 102 times
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: String function: 00D9022A appears 57 times
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: String function: 00BC9610 appears 241 times
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: String function: 00BC8220 appears 50 times
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: String function: 00D90D20 appears 39 times
Source: DecryptTool.exe.0.drStatic PE information: No import functions for PE file found
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll8 vs PCPrivacyShieldSetup.exe
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemsvcp100.dll^ vs PCPrivacyShieldSetup.exe
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemsvcp120.dll^ vs PCPrivacyShieldSetup.exe
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemsvcp140.dll^ vs PCPrivacyShieldSetup.exe
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemsvcr100_clr0400.dll^ vs PCPrivacyShieldSetup.exe
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemsvcr120.dll^ vs PCPrivacyShieldSetup.exe
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameNewtonsoft.Json.dll2 vs PCPrivacyShieldSetup.exe
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameOpacityGuide.dllD vs PCPrivacyShieldSetup.exe
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameOpacityGuide.resources.dllD vs PCPrivacyShieldSetup.exe
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamePCPrivacyShield.resources.dllD vs PCPrivacyShieldSetup.exe
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamePdfReader.dll2 vs PCPrivacyShieldSetup.exe
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamePerpetuum.dllD vs PCPrivacyShieldSetup.exe
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: get_OriginalFilename vs PCPrivacyShieldSetup.exe
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: ConfusedByAttributeExtensionAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeDebuggableAttributeDebuggingModesAssemblyTitleAttributeAssemblyDescriptionAttributeAssemblyConfigurationAttributeAssemblyCompanyAttributeAssemblyProductAttributeAssemblyCopyrightAttributeAssemblyTrademarkAttributeComVisibleAttributeGuidAttributeAssemblyFileVersionAttributeTargetFrameworkAttributeSystem.Runtime.VersioningFlagsAttributeCompilerGeneratedAttributeAsyncStateMachineAttributeDebuggerHiddenAttributeNewtonsoft.JsonJsonPropertyAttributeGeneratedCodeAttributeSystem.CodeDom.CompilerDebuggerNonUserCodeAttributeEditorBrowsableAttributeEditorBrowsableStatew!\,j)0t }MO"JL\\\+n'\*ZDoR%%.resourcesStringGetTypeFromHandleGetMethodConcatInvokeEqualsFailFastset_IsBackgroundStartget_CurrentThreadSleepDebuggerget_IsAttachedIsLoggingget_IsAliveMemoryStreamget_LengthReadByteReadByteUInt32RuntimeHelpersInitializeArrayArrayRuntimeFieldHandleGetElementTypeCreateInstanceBufferBlockCopyget_UTF8GetStringInternModuleget_Moduleget_CharsMarshalGetHINSTANCEIntPtrop_Explicitget_FullyQualifiedNameMathMaxWriteEmptyInt32GetValueOrDefaultJsonConvertDeserializeObjectFormatIsNullOrWhiteSpaceEndsWithRemoveContainsReplaceCreateGetBytesset_Methodset_Timeoutset_ContentTypeset_ContentLengthGetRequestStreamGetResponseGetResponseStreamReadToEndDisposeget_MessageLoggerToStringget_TaskAwaitUnsafeOnCompletedget_IsCompletedGetResultCloseSetExceptionSetResultDelayGetAwaiterManagementExceptionGetGetEnumeratorget_Currentget_Itemget_StackTraceRegistryGetValueCurrentUserOpenSubKeyConvertToBooleanToInt64FromBinaryTryParseMinValueDateTimeKindop_Subtractionget_TicksToBinaryInt64SetValueget_NowToShortDateStringToShortTimeStringWriteLineLocalMachineget_HasValueSystem.CoreEnumerableSystem.LinqSelectToArrayget_MainWindowHandleZeroop_InequalityGetFileNameWithoutExtensionGetProcessesByNameIsNullOrEmptyop_EqualityClassesRootCharBooleanCryptoUtil.CryptoToolsEncryptStringAesAddGuidNewGuidFromMinutesop_Additionget_WidthEnumeratorReverseget_CountTupleget_Item2SysInfoget_Is64BitOSGetValueNamesUnauthorizedAccessExceptionAddRangeAddSecondsToLocalTimeIFormatProviderToUniversalTimeget_UtcNowget_ExitCodeget_Item1Subtractget_TotalSecondsget_TotalMillisecondsGetFolderPathCombineDirectoryExistsCreateDirectoryget_IsWin10TrimToLowerCopyExpandEnvironmentVariablesFileStartsWithDecryptStringAesConsoleget_Majorget_Minorget_BuildGetExecutingAssemblyGetNameget_Versionget_Reasonget_StatusAppendOpenReadReadAllTextNextBytesWriteAllTextget_QuerySystem.WebHttpUtilityParseQueryStringadd_DoWorkRunWorkerAsyncSplitset_WindowStyleget_SystemDirectoryset_FileNameset_ArgumentsWaitForExitCreateSubKeyget_CurrentCultureget_ThreeLetterWindowsLanguageNameget_Defaultget_EncodingNameget_OSVersionTypeConversionBoolToStringDeleteStringExtensionsContainsCaseInsensitiveNewTaskget_Triggersget_Settingsset_StopIfGoingOnBatteriesset_DisallowStartIfOnBatteriesget_IdleSettingsset_StopOnIdleEndget_RegistrationInfoset_Descriptionget_Actionsget_RootFolder
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSetup.dllD vs PCPrivacyShieldSetup.exe
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSQLite.Interop.dllF vs PCPrivacyShieldSetup.exe
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTracking.dllD vs PCPrivacyShieldSetup.exe
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTreeViewFileExplorer.dllD vs PCPrivacyShieldSetup.exe
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameUtil.dllD vs PCPrivacyShieldSetup.exe
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameUtil.resources.dllD vs PCPrivacyShieldSetup.exe
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dll^ vs PCPrivacyShieldSetup.exe
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1716368342.0000000006AAC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewininet.dllD vs PCPrivacyShieldSetup.exe
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000074AC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCaByp.dllD vs PCPrivacyShieldSetup.exe
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000074AC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSfxCA.dll\ vs PCPrivacyShieldSetup.exe
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000074AC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameExcelDataReader.dll@ vs PCPrivacyShieldSetup.exe
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000074AC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameICSharpCode.SharpZipLib.dll8 vs PCPrivacyShieldSetup.exe
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.000000000778B000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Deployment.WindowsInstaller.dll\ vs PCPrivacyShieldSetup.exe
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.00000000044B5000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSoftwareDetector.dllF vs PCPrivacyShieldSetup.exe
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.00000000044B5000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameResourceCleaner.dllF vs PCPrivacyShieldSetup.exe
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.00000000044B5000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamePrereq.dllF vs PCPrivacyShieldSetup.exe
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.00000000044B5000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameNetFirewall.dllF vs PCPrivacyShieldSetup.exe
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.0000000004290000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameviewer.exeF vs PCPrivacyShieldSetup.exe
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.0000000004290000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelzmaextractor.dllF vs PCPrivacyShieldSetup.exe
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.0000000004290000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameAICustAct.dllF vs PCPrivacyShieldSetup.exe
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000071FD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFileNameupdater.exeD vs PCPrivacyShieldSetup.exe
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000071FD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameWcDialog.exeD vs PCPrivacyShieldSetup.exe
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000071FD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameBouncyCastle.Crypto.dllP vs PCPrivacyShieldSetup.exe
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000071FD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameBsm.dllD vs PCPrivacyShieldSetup.exe
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameArmt.exeD vs PCPrivacyShieldSetup.exe
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameDecryptTool.exeD vs PCPrivacyShieldSetup.exe
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameInstAct.exeD vs PCPrivacyShieldSetup.exe
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamePCPrivacyShield.exeD vs PCPrivacyShieldSetup.exe
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameschedc10.exeD vs PCPrivacyShieldSetup.exe
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTaskTools.exeD vs PCPrivacyShieldSetup.exe
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenametrialnotification.exeD vs PCPrivacyShieldSetup.exe
Source: PCPrivacyShieldSetup.exe, 00000003.00000003.1768133800.0000000003A51000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewininet.dllD vs PCPrivacyShieldSetup.exe
Source: PCPrivacyShieldSetup.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: Armt.exe.0.drStatic PE information: Section: nI7-I ZLIB complexity 1.0008928571428573
Source: DecryptTool.exe.0.drStatic PE information: Section: nI7-I ZLIB complexity 1.0005580357142858
Source: DecryptTool.exe0.0.drStatic PE information: Section: Hhex%(F ZLIB complexity 1.0005580357142858
Source: InstAct.exe.0.drStatic PE information: Section: Hhex%(F ZLIB complexity 1.0005387931034482
Source: PCPrivacyShield.exe.0.drStatic PE information: Section: nI7-I ZLIB complexity 1.0003095047923323
Source: schedc10.exe.0.drStatic PE information: Section: Hhex%(F ZLIB complexity 1.0009191176470589
Source: TaskTools.exe.0.drStatic PE information: Section: nI7-I ZLIB complexity 1.0004701967592593
Source: trialnotification.exe.0.drStatic PE information: Section: nI7-I ZLIB complexity 1.0007440476190477
Source: CaByp.dll.0.drStatic PE information: Section: Hhex%(F ZLIB complexity 1.0005396792763157
Source: ExcelDataReader.dll.0.dr, StandardEncryption.csCryptographic APIs: 'CreateDecryptor'
Source: ExcelDataReader.dll.0.dr, RC4Encryption.csCryptographic APIs: 'CreateDecryptor'
Source: ExcelDataReader.dll.0.dr, CryptoHelpers.csCryptographic APIs: 'CreateDecryptor'
Source: ExcelDataReader.dll.0.dr, XlsBiffStream.csCryptographic APIs: 'CreateDecryptor'
Source: ICSharpCode.SharpZipLib.dll.0.dr, InflaterInputBuffer.csCryptographic APIs: 'TransformBlock'
Source: ICSharpCode.SharpZipLib.dll.0.dr, DeflaterOutputStream.csCryptographic APIs: 'TransformBlock'
Source: ICSharpCode.SharpZipLib.dll.0.dr, ZipAESTransform.csCryptographic APIs: 'TransformBlock'
Source: classification engineClassification label: sus34.spyw.evad.winEXE@63/306@16/10
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00CDFDA0 FormatMessageW,GetLastError,0_2_00CDFDA0
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00BD7310 CoCreateInstance,CharNextW,CharNextW,CharNextW,CLSIDFromString,CharNextW,CoCreateInstance,CoCreateInstance,0_2_00BD7310
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00BCA000 LoadResource,LockResource,SizeofResource,0_2_00BCA000
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PC Privacy ShieldJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Roaming\PC Privacy ShieldJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMutant created: NULL
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMutant created: \Sessions\1\BaseNamedObjects\PCPrivacyShield
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Local\Temp\shiBC20.tmpJump to behavior
Source: PCPrivacyShieldSetup.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeSystem information queried: HandleInformation
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: InstAct.exe, 00000007.00000002.1843409932.0000000002B38000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000A.00000002.1860099028.0000000003046000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000B.00000002.1898806369.0000000002A68000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000E.00000002.1943989651.0000000002C5A000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000F.00000002.2010871467.000000000261C000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 00000011.00000002.1938221449.0000000002839000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 00000012.00000002.1944193693.000000000293C000.00000004.00000800.00020000.00000000.sdmp, PCPrivacyShield.exe, 00000013.00000002.4194644871.0000000002F61000.00000004.00000800.00020000.00000000.sdmp, PCPrivacyShield.exe, 00000015.00000002.2039193870.0000000003055000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: select COUNT(*) from moz_places WHERE url LIKE 'http%' AND moz_places.id NOT IN (SELECT moz_bookmarks.fk FROM moz_bookmarks WHERE moz_bookmarks.fk IS NOT NULL);
Source: InstAct.exe, 00000007.00000002.1843409932.0000000002B38000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000A.00000002.1860099028.0000000003046000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000B.00000002.1898806369.0000000002A68000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000E.00000002.1943989651.0000000002C5A000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000F.00000002.2010871467.000000000261C000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 00000011.00000002.1938221449.0000000002839000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 00000012.00000002.1944193693.000000000293C000.00000004.00000800.00020000.00000000.sdmp, PCPrivacyShield.exe, 00000013.00000002.4194644871.0000000003DD9000.00000004.00000800.00020000.00000000.sdmp, PCPrivacyShield.exe, 00000013.00000002.4194644871.0000000002F61000.00000004.00000800.00020000.00000000.sdmp, PCPrivacyShield.exe, 00000015.00000002.2039193870.0000000003055000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT id, url, title, visit_count, datetime(last_visit_time/1000000-11644473600,'unixepoch','localtime') AS last_visit FROM urls WHERE url LIKE 'http%' ORDER BY last_visit ASC;
Source: PCPrivacyShield.exe, 00000013.00000002.4194644871.0000000002F61000.00000004.00000800.00020000.00000000.sdmp, PCPrivacyShield.exe, 00000015.00000002.2039193870.00000000030A2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: create table tracking (name varchar(30), counter int, date datetime);
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE "%w"."%w_node"(nodeno INTEGER PRIMARY KEY, data BLOB);CREATE TABLE "%w"."%w_rowid"(rowid INTEGER PRIMARY KEY, nodeno INTEGER);CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY, parentnode INTEGER);INSERT INTO '%q'.'%q_node' VALUES(1, zeroblob(%d))
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: chrome.exe, 00000017.00000002.4208239417.00001D60025F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE xx( name TEXT, /* Name of table or index */ path TEXT, /* Path to page from root */ pageno INTEGER, /* Page number */ pagetype TEXT, /* 'internal', 'leaf' or 'overflow' */ ncell INTEGER, /* Cells on page (0 for overflow) */ payload INTEGER, /* Bytes of payload on this page */ unused INTEGER, /* Bytes of unused space on this page */ mx_payload INTEGER, /* Largest payload size of all cells */ pgoffset INTEGER, /* Offset of page in file */ pgsize INTEGER, /* Size of the page */ schema TEXT HIDDEN /* Database schema being analyzed */);
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile read: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\PCPrivacyShieldSetup.exe "C:\Users\user\Desktop\PCPrivacyShieldSetup.exe"
Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 6D9D21CE130F74F78C1DEE127FBFAB9C C
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeProcess created: C:\Users\user\Desktop\PCPrivacyShieldSetup.exe "C:\Users\user\Desktop\PCPrivacyShieldSetup.exe" /i "C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\PCPrivacyShield.msi" /L*v "C:\Users\user\AppData\Roaming\\PC Privacy Shield\PC Privacy Shield 4.9.8\install\installlog.txt" AI_EUIMSI=1 APPDIR="C:\Program Files (x86)\PC Privacy Shield" SHORTCUTDIR="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Privacy Shield" SECONDSEQUENCE="1" CLIENTPROCESSID="7256" AI_MORE_CMD_LINE=1
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding F339063B2D7F5AA49C6D3BCEA32A4992
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 1C300E307AD5246F63AB5C1721DD9590 E Global\MSI0000
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\PC Privacy Shield\InstAct.exe "C:\Program Files (x86)\PC Privacy Shield\InstAct.exe" xtend
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\PC Privacy Shield\InstAct.exe "C:\Program Files (x86)\PC Privacy Shield\InstAct.exe" removeOld
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\PC Privacy Shield\InstAct.exe "C:\Program Files (x86)\PC Privacy Shield\InstAct.exe" createini
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\PC Privacy Shield\InstAct.exe "C:\Program Files (x86)\PC Privacy Shield\InstAct.exe" install
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\PC Privacy Shield\InstAct.exe "C:\Program Files (x86)\PC Privacy Shield\InstAct.exe" installurl "C:\Users\user\Desktop\PCPrivacyShieldSetup.exe"
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\PC Privacy Shield\InstAct.exe "C:\Program Files (x86)\PC Privacy Shield\InstAct.exe" skipuac
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\PC Privacy Shield\InstAct.exe "C:\Program Files (x86)\PC Privacy Shield\InstAct.exe" popuptask
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe "C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe" startscan "C:\Users\user\Desktop\PCPrivacyShieldSetup.exe"
Source: unknownProcess created: C:\Program Files (x86)\PC Privacy Shield\TaskTools.exe "C:\Program Files (x86)\PC Privacy Shield\TaskTools.exe" run_program
Source: unknownProcess created: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe "C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe" popup
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=
Source: C:\Program Files (x86)\PC Privacy Shield\TaskTools.exeProcess created: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe "C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=2024,i,16932873091567761477,1262112429000342913,262144 /prefetch:8
Source: unknownProcess created: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe "C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe" minimized
Source: unknownProcess created: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe "C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe" minimized
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeProcess created: C:\Users\user\Desktop\PCPrivacyShieldSetup.exe "C:\Users\user\Desktop\PCPrivacyShieldSetup.exe" /i "C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\PCPrivacyShield.msi" /L*v "C:\Users\user\AppData\Roaming\\PC Privacy Shield\PC Privacy Shield 4.9.8\install\installlog.txt" AI_EUIMSI=1 APPDIR="C:\Program Files (x86)\PC Privacy Shield" SHORTCUTDIR="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Privacy Shield" SECONDSEQUENCE="1" CLIENTPROCESSID="7256" AI_MORE_CMD_LINE=1Jump to behavior
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 6D9D21CE130F74F78C1DEE127FBFAB9C CJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding F339063B2D7F5AA49C6D3BCEA32A4992Jump to behavior
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 1C300E307AD5246F63AB5C1721DD9590 E Global\MSI0000Jump to behavior
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\PC Privacy Shield\InstAct.exe "C:\Program Files (x86)\PC Privacy Shield\InstAct.exe" xtendJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\PC Privacy Shield\InstAct.exe "C:\Program Files (x86)\PC Privacy Shield\InstAct.exe" removeOldJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\PC Privacy Shield\InstAct.exe "C:\Program Files (x86)\PC Privacy Shield\InstAct.exe" createiniJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\PC Privacy Shield\InstAct.exe "C:\Program Files (x86)\PC Privacy Shield\InstAct.exe" installJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\PC Privacy Shield\InstAct.exe "C:\Program Files (x86)\PC Privacy Shield\InstAct.exe" installurl "C:\Users\user\Desktop\PCPrivacyShieldSetup.exe"Jump to behavior
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\PC Privacy Shield\InstAct.exe "C:\Program Files (x86)\PC Privacy Shield\InstAct.exe" skipuacJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\PC Privacy Shield\InstAct.exe "C:\Program Files (x86)\PC Privacy Shield\InstAct.exe" popuptaskJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe "C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe" startscan "C:\Users\user\Desktop\PCPrivacyShieldSetup.exe"Jump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=
Source: C:\Program Files (x86)\PC Privacy Shield\TaskTools.exeProcess created: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe "C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=2024,i,16932873091567761477,1262112429000342913,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: msi.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: usp10.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: msls31.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: mpr.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: davhlpr.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: msimg32.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: cabinet.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: lpk.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: msihnd.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: samcli.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: riched20.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: atlthunk.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: explorerframe.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: tsappcmp.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: msisip.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: pcacli.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: edputil.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: slc.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: sppc.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: taskschd.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msisip.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: rstrtmgr.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: linkinfo.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ntshrui.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: cscapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: secur32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netprofm.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: npmproxy.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: secur32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: edputil.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: slc.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sppc.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: msi.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: usp10.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: msls31.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: mpr.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: davhlpr.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: msimg32.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: cabinet.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: lpk.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: msihnd.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: samcli.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: riched20.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: tsappcmp.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: msisip.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: pcacli.dllJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: comsvcs.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sxs.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: firewallapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: fwbase.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: fwpolicyiomgr.dllJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: version.dllJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: mscoree.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: version.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: mscoree.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: version.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: rasapi32.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: rasman.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: rtutils.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: mswsock.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: dnsapi.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: winnsi.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: rasadhlp.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: secur32.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: schannel.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: ntasn1.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: ncrypt.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: gpapi.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: mscoree.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: version.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: rasapi32.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: rasman.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: rtutils.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: mswsock.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: dnsapi.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: winnsi.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: rasadhlp.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: secur32.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: schannel.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: ntasn1.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: ncrypt.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: gpapi.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: mscoree.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: version.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: rasapi32.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: rasman.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: rtutils.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: mswsock.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: dnsapi.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: winnsi.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: rasadhlp.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: secur32.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: schannel.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: ntasn1.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: ncrypt.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: gpapi.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: wbemcomn.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: amsi.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: propsys.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: edputil.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: urlmon.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: iertutil.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: srvcli.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: windows.staterepositoryps.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: wintypes.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: appresolver.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: bcp47langs.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: slc.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: sppc.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: mscoree.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: version.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: taskschd.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: sxs.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: xmllite.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: mscoree.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: version.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: taskschd.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: sxs.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: xmllite.dll
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeSection loaded: mscoree.dll
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeSection loaded: version.dll
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeSection loaded: rasapi32.dll
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeSection loaded: rasman.dll
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeSection loaded: rtutils.dll
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeSection loaded: mswsock.dll
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeSection loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeSection loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeSection loaded: dnsapi.dll
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeSection loaded: winnsi.dll
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeFile written: C:\Program Files (x86)\PC Privacy Shield\updater.ini
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SettingsJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: PCPrivacyShieldSetup.exeStatic PE information: certificate valid
Source: PCPrivacyShieldSetup.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
Source: PCPrivacyShieldSetup.exeStatic file information: File size 14903080 > 1048576
Source: C:\Windows\System32\msiexec.exeFile opened: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\msvcr100.dllJump to behavior
Source: PCPrivacyShieldSetup.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x256600
Source: PCPrivacyShieldSetup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: PCPrivacyShieldSetup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: PCPrivacyShieldSetup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: PCPrivacyShieldSetup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: PCPrivacyShieldSetup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: PCPrivacyShieldSetup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: PCPrivacyShieldSetup.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: PCPrivacyShieldSetup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: wininet.pdb source: PCPrivacyShieldSetup.exe, 00000000.00000003.1716368342.0000000006AAC000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1768133800.0000000003A51000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\NetFirewall.pdb: source: PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.00000000044B5000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\Dropbox\Development\Releases\Json\Working\Newtonsoft.Json\Working-Signed\Src\Newtonsoft.Json\obj\Release\Net40\Newtonsoft.Json.pdb source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmp, InstAct.exe, 0000000B.00000002.1902083448.000000000C6A2000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\viewer.pdbC source: PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.0000000004290000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: d:\agent\_work\3\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\Prereq.pdb source: PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.00000000044B5000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\ChromeDownloads\ExcelDataReader-develop\ExcelDataReader-develop\src\ExcelDataReader\obj\Debug\net45\ExcelDataReader.pdb source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000074AC000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\SoftwareDetector.pdbl source: PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.0000000004290000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdbP source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.000000000778B000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\NetFirewall.pdb source: PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.00000000044B5000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\stubs\x86\ExternalUi.pdb source: PCPrivacyShieldSetup.exe, PCPrivacyShieldSetup.exe, 00000000.00000000.1679879072.0000000000E18000.00000002.00000001.01000000.00000003.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000000.1762525754.0000000000E18000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: d:\agent\_work\3\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdb source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.000000000778B000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\Branch\win\Release\stubs\x86\Updater.pdb source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: msvcp100.i386.pdb source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: msvcr100.i386.pdb source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\Prereq.pdb| source: PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.00000000044B5000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\ChromeDownloads\ExcelDataReader-develop\ExcelDataReader-develop\src\ExcelDataReader\obj\Debug\net45\ExcelDataReader.pdbSHA256 source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000074AC000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: msvcr120.i386.pdb source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\Users\dahall\Documents\Visual Studio 2010\Projects\TaskService\obj\Release\Microsoft.Win32.TaskScheduler.pdb source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmp, InstAct.exe, 00000011.00000002.1939151292.0000000005E22000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: msvcp120.i386.pdb source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\dev\sqlite\dotnet\bin\2010\Win32\ReleaseStatic\System.Data.SQLite.pdb source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\ResourceCleaner.pdb source: PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.00000000044B5000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\agent\_work\66\s\build\ship\x86\SfxCA.pdb source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000074A3000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: wininet.pdbUGP source: PCPrivacyShieldSetup.exe, 00000000.00000003.1716368342.0000000006AAC000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1768133800.0000000003A51000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\SoftwareDetector.pdb source: PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.0000000004290000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\Users\dahall\Documents\Visual Studio 2010\Projects\TaskService\obj\Release\Microsoft.Win32.TaskScheduler.pdbp source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmp, InstAct.exe, 00000011.00000002.1939151292.0000000005E22000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\lzmaextractor.pdb source: PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.0000000004290000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.0000000004290000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\viewer.pdb source: PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.0000000004290000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\Dropbox\Development\Releases\Json\Working\Newtonsoft.Json\Working-Signed\Src\Newtonsoft.Json\obj\Release\Net40\Newtonsoft.Json.pdb source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmp, InstAct.exe, InstAct.exe, 0000000B.00000002.1902083448.000000000C6A2000.00000002.00000001.01000000.00000010.sdmp
Source: PCPrivacyShieldSetup.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: PCPrivacyShieldSetup.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: PCPrivacyShieldSetup.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: PCPrivacyShieldSetup.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: PCPrivacyShieldSetup.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: Armt.exe.0.drStatic PE information: 0xA13B36D7 [Mon Sep 20 00:20:39 2055 UTC]
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00CDFF30 LoadLibraryW,GetProcAddress,FreeLibrary,0_2_00CDFF30
Source: Armt.exe.0.drStatic PE information: section name: nI7-I
Source: Armt.exe.0.drStatic PE information: section name:
Source: DecryptTool.exe.0.drStatic PE information: section name: nI7-I
Source: DecryptTool.exe0.0.drStatic PE information: section name: Hhex%(F
Source: DecryptTool.exe0.0.drStatic PE information: section name:
Source: InstAct.exe.0.drStatic PE information: section name: Hhex%(F
Source: InstAct.exe.0.drStatic PE information: section name:
Source: PCPrivacyShield.exe.0.drStatic PE information: section name: nI7-I
Source: PCPrivacyShield.exe.0.drStatic PE information: section name:
Source: schedc10.exe.0.drStatic PE information: section name: Hhex%(F
Source: schedc10.exe.0.drStatic PE information: section name:
Source: TaskTools.exe.0.drStatic PE information: section name: nI7-I
Source: TaskTools.exe.0.drStatic PE information: section name:
Source: trialnotification.exe.0.drStatic PE information: section name: nI7-I
Source: trialnotification.exe.0.drStatic PE information: section name:
Source: CaByp.dll.0.drStatic PE information: section name: Hhex%(F
Source: CaByp.dll.0.drStatic PE information: section name:
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_3_013D073B push ds; ret 0_3_013D077E
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_3_013D077F push ds; ret 0_3_013D078E
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_3_013CAB55 push es; retf 0_3_013CACB6
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_3_013CAB55 push es; retf 0_3_013CACB6
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_3_013D07AD push ds; ret 0_3_013D07AE
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_3_013CEBD4 push es; retf 0_3_013CECBE
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_3_013D03C0 push cs; ret 0_3_013D03C6
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_3_013C747D push es; retf 0_3_013C747E
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_3_013C747D push es; retf 0_3_013C747E
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_3_013C747F push es; iretd 0_3_013C748A
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_3_013C747F push es; iretd 0_3_013C748A
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_3_013CB865 push eax; retf 0_3_013CB8D8
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_3_013CB865 push eax; retf 0_3_013CB8D8
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_3_013CEE63 push es; ret 0_3_013CEE66
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_3_013CAE5B push es; ret 0_3_013CAE5E
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_3_013CAE5B push es; ret 0_3_013CAE5E
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_3_013C7049 push es; ret 0_3_013C746A
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_3_013C7049 push es; ret 0_3_013C746A
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_3_013D073B push ds; ret 0_3_013D077E
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_3_013D077F push ds; ret 0_3_013D078E
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_3_013CAB55 push es; retf 0_3_013CACB6
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_3_013CAB55 push es; retf 0_3_013CACB6
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_3_013D07AD push ds; ret 0_3_013D07AE
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_3_013CEBD4 push es; retf 0_3_013CECBE
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_3_013D03C0 push cs; ret 0_3_013D03C6
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_3_013C747D push es; retf 0_3_013C747E
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_3_013C747D push es; retf 0_3_013C747E
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_3_013C747F push es; iretd 0_3_013C748A
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_3_013C747F push es; iretd 0_3_013C748A
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_3_013CB865 push eax; retf 0_3_013CB8D8
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_3_013CB865 push eax; retf 0_3_013CB8D8
Source: Armt.exe.0.drStatic PE information: section name: nI7-I entropy: 7.988204850540779
Source: DecryptTool.exe.0.drStatic PE information: section name: nI7-I entropy: 7.9939755024410335
Source: DecryptTool.exe0.0.drStatic PE information: section name: Hhex%(F entropy: 7.993237953131477
Source: InstAct.exe.0.drStatic PE information: section name: Hhex%(F entropy: 7.993883626985112
Source: PCPrivacyShield.exe.0.drStatic PE information: section name: nI7-I entropy: 7.999877745648744
Source: schedc10.exe.0.drStatic PE information: section name: Hhex%(F entropy: 7.9891252827782
Source: TaskTools.exe.0.drStatic PE information: section name: nI7-I entropy: 7.996684801742378
Source: trialnotification.exe.0.drStatic PE information: section name: nI7-I entropy: 7.9906247052342305
Source: CaByp.dll.0.drStatic PE information: section name: Hhex%(F entropy: 7.994887791375117
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PC Privacy Shield\CaByp.CA.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID2E4.tmpJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\TaskTools.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PC Privacy Shield\msvcp120.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI703.tmpJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\vcruntime140.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PC Privacy Shield\de\PCPrivacyShield.resources.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PC Privacy Shield\de\Util.resources.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PC Privacy Shield\TreeViewFileExplorer.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Local\Temp\MSIBE18.tmpJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\OpacityGuide.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\Perpetuum.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID84B.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID4AF.tmpJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\BouncyCastle.Crypto.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID3D1.tmpJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\ExcelDataReader.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\Newtonsoft.Json.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Local\Temp\MSIBD3B.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PC Privacy Shield\Bsm.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID441.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIDB5C.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PC Privacy Shield\ja\OpacityGuide.resources.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID411.tmpJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\es\OpacityGuide.resources.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID362.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PC Privacy Shield\BouncyCastle.Crypto.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE485.tmpJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\Bsm.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\WcDialog.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PC Privacy Shield\Armt.exeJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Local\Temp\MSIBCBD.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PC Privacy Shield\msvcp140.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\fr\Util.resources.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PC Privacy Shield\Perpetuum.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PC Privacy Shield\schedc10.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PC Privacy Shield\TaskTools.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PC Privacy Shield\msvcp100.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PC Privacy Shield\System.Data.SQLite.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\updater.exeJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Local\Temp\MSIBDF8.tmpJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Local\Temp\MSIBE48.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PC Privacy Shield\vcruntime140.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PC Privacy Shield\es\OpacityGuide.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\es\PCPrivacyShield.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Local\Temp\shiD063.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PC Privacy Shield\Newtonsoft.Json.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\x64\DecryptTool.exeJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\ICSharpCode.SharpZipLib.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PC Privacy Shield\Tracking.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID966.tmpJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7256\NetFirewall.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\Microsoft.Win32.TaskScheduler.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI6B4.tmpJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7256\lzmaextractor.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\Armt.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PC Privacy Shield\es\Util.resources.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PC Privacy Shield\msvcr120.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\Setup.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PC Privacy Shield\x86\DecryptTool.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PC Privacy Shield\ja\PCPrivacyShield.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\msvcr120.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PC Privacy Shield\updater.exeJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\CaByp.CA.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\es\Util.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\msvcp120.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PC Privacy Shield\Setup.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PC Privacy Shield\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Local\Temp\MSIBF24.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PC Privacy Shield\fr\Util.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Local\Temp\MSIF9C.tmpJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\fr\PCPrivacyShield.resources.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PC Privacy Shield\es\PCPrivacyShield.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\trialnotification.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PC Privacy Shield\Microsoft.Win32.TaskScheduler.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PC Privacy Shield\OpacityGuide.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID3A1.tmpJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\de\PCPrivacyShield.resources.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PC Privacy Shield\Util.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\Tracking.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\TreeViewFileExplorer.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\msvcp100.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PC Privacy Shield\trialnotification.exeJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\PCPrivacyShield.exeJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Local\Temp\MSIBE68.tmpJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\msvcr100.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PC Privacy Shield\x64\DecryptTool.exeJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\x86\DecryptTool.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIDAFD.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PC Privacy Shield\PdfReader.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Local\Temp\MSIBFA3.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PC Privacy Shield\CaByp.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7256\viewer.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PC Privacy Shield\WcDialog.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PC Privacy Shield\fr\OpacityGuide.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\ja\OpacityGuide.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\de\Util.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\schedc10.exeJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\CaByp.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\System.Data.SQLite.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\Util.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\ja\PCPrivacyShield.resources.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PC Privacy Shield\de\OpacityGuide.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Local\Temp\MSIC1E8.tmpJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Local\Temp\MSIBFF3.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PC Privacy Shield\msvcr100.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Local\Temp\MSIBF54.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Local\Temp\shiBC20.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PC Privacy Shield\fr\PCPrivacyShield.resources.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PC Privacy Shield\ExcelDataReader.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\fr\OpacityGuide.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\msvcp140.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Local\Temp\MSIF6C.tmpJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\InstAct.exeJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\de\OpacityGuide.resources.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PC Privacy Shield\ICSharpCode.SharpZipLib.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\PdfReader.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID86B.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID84B.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID2E4.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID362.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID3A1.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID4AF.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI703.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE485.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID3D1.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID966.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI6B4.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID441.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIDB5C.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID411.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIDAFD.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID86B.tmpJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\installlog.txtJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeFile created: C:\Program Files (x86)\PC Privacy Shield\README.txt

Boot Survival

barindex
Installs Task Scheduler Managed Wrapper
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile created: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\Microsoft.Win32.TaskScheduler.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PC Privacy Shield\Microsoft.Win32.TaskScheduler.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Privacy ShieldJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Privacy Shield\PC Privacy Shield.lnkJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Privacy Shield\Uninstall PC Privacy Shield.lnkJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run PCPrivacyShield
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run PCPrivacyShield
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOTJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOTJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 10A0000 memory reserve | memory write watchJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 2B10000 memory reserve | memory write watchJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 28B0000 memory reserve | memory write watchJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 50C0000 memory reserve | memory write watchJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 60C0000 memory reserve | memory write watchJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 61F0000 memory reserve | memory write watchJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 71F0000 memory reserve | memory write watchJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 7AE0000 memory reserve | memory write watchJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 8AE0000 memory reserve | memory write watchJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 50C0000 memory reserve | memory write watchJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 61F0000 memory reserve | memory write watchJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 7F20000 memory reserve | memory write watchJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 9D60000 memory reserve | memory write watchJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 8F20000 memory reserve | memory write watchJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 1650000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 3010000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 5010000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 5640000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 6640000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 6770000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 7770000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 80A0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 90A0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: A0A0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: B0A0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: B830000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: C830000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: D830000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: EBF0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 5640000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: F10000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 2A40000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 10E0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 5070000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 6070000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 61A0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 71A0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 7A40000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 8A40000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 5070000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 61A0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 8A40000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 9F80000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: B080000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: B510000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 2AC0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 2C30000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 4C30000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 52D0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 62D0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 6400000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 7400000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 7D60000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 8D60000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 52D0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 8D60000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 9EA0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 6900000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 7D60000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: AEA0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: B20000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 2600000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 4600000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 4C60000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 5C60000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 5D90000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 6D90000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 76A0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 86A0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 4C60000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 5D90000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 98E0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 8AA0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 76A0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: A8E0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 25D0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 2810000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 2620000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 4D90000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 5D90000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 5EC0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 6EC0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 7810000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 8810000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 4D90000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 5EC0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 9950000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 8D10000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 7810000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: A950000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 2650000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 2910000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 2650000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 4F00000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 5F00000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 6030000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 7030000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 78C0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 88C0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 4F00000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 6030000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 9B40000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 8CC0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: 78C0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 1220000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 2F60000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 2DA0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 5490000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 6490000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 65C0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 75C0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 86F0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 96F0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 5490000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 65C0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 89F0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: A8D0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 99F0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: BF50000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: CF50000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: DF50000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 10A10000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 5490000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 89F0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\TaskTools.exeMemory allocated: 2D70000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\TaskTools.exeMemory allocated: 1AFA0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 14B0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 3040000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 14B0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 5550000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 6550000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 6680000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 7680000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 8770000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 9770000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: A770000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: B770000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: BDE0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: CDE0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: DDE0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: F120000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 5550000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 1800000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 34E0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 3140000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 5B20000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 6B20000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 6C50000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 7C50000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 8BE0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 9BE0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 5B20000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 6C50000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 6C50000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 8E60000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 10F0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 2E80000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 2BA0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 55C0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 65C0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 66F0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 76F0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 8740000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 9740000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 55C0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 66F0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: A820000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 9AC0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 8740000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: B820000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 1930000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 36A0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 35B0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 5CF0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 6CF0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 6E20000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 7E20000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 8F10000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 9F10000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 5CF0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 6E20000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: 9210000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: B0F0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeMemory allocated: A210000 memory reserve | memory write watch
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeThread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeThread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeThread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeThread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeThread delayed: delay time: 600000
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeThread delayed: delay time: 599875
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeThread delayed: delay time: 599760
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeThread delayed: delay time: 599594
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeThread delayed: delay time: 599317
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeThread delayed: delay time: 599188
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeThread delayed: delay time: 598969
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeThread delayed: delay time: 598848
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeThread delayed: delay time: 598719
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeThread delayed: delay time: 598594
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeThread delayed: delay time: 598485
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeThread delayed: delay time: 598372
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeThread delayed: delay time: 598250
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeThread delayed: delay time: 598138
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeThread delayed: delay time: 598016
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeThread delayed: delay time: 597842
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeThread delayed: delay time: 597734
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeThread delayed: delay time: 597625
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeThread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeThread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeThread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 600000
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 599780
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 599624
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 599482
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 599346
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 599220
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 599092
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 598948
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 598779
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 598659
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 598521
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 598393
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 598268
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 598144
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 598025
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 597908
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 597678
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 597553
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 597423
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 597300
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 597174
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 597059
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 596940
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 596815
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 596690
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 596565
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 596440
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 596325
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 596206
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 596081
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 595955
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 595830
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 595705
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 595580
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 595455
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 595330
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 595215
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 595085
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 594881
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 594752
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 594627
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 594502
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 594376
Source: C:\Program Files (x86)\PC Privacy Shield\TaskTools.exeThread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeWindow / User API: threadDelayed 2337
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeWindow / User API: threadDelayed 1323
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeWindow / User API: threadDelayed 5409
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeWindow / User API: threadDelayed 3735
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PC Privacy Shield\CaByp.CA.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSID2E4.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PC Privacy Shield\msvcp120.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI703.tmpJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\vcruntime140.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PC Privacy Shield\de\PCPrivacyShield.resources.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PC Privacy Shield\de\Util.resources.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PC Privacy Shield\TreeViewFileExplorer.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIBE18.tmpJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\OpacityGuide.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\Perpetuum.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSID84B.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSID4AF.tmpJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\BouncyCastle.Crypto.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSID3D1.tmpJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\ExcelDataReader.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\Newtonsoft.Json.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PC Privacy Shield\Bsm.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIBD3B.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSID441.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIDB5C.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PC Privacy Shield\ja\OpacityGuide.resources.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSID411.tmpJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\es\OpacityGuide.resources.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSID362.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PC Privacy Shield\BouncyCastle.Crypto.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIE485.tmpJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\Bsm.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\WcDialog.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PC Privacy Shield\Armt.exeJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIBCBD.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PC Privacy Shield\msvcp140.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\fr\Util.resources.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PC Privacy Shield\schedc10.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PC Privacy Shield\Perpetuum.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PC Privacy Shield\msvcp100.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PC Privacy Shield\System.Data.SQLite.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\updater.exeJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIBE48.tmpJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIBDF8.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PC Privacy Shield\vcruntime140.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PC Privacy Shield\es\OpacityGuide.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\es\PCPrivacyShield.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\shiD063.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PC Privacy Shield\Newtonsoft.Json.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\x64\DecryptTool.exeJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\ICSharpCode.SharpZipLib.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PC Privacy Shield\Tracking.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSID966.tmpJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7256\NetFirewall.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\Microsoft.Win32.TaskScheduler.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI6B4.tmpJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7256\lzmaextractor.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\Armt.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PC Privacy Shield\es\Util.resources.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PC Privacy Shield\msvcr120.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\Setup.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PC Privacy Shield\x86\DecryptTool.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PC Privacy Shield\ja\PCPrivacyShield.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\msvcr120.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PC Privacy Shield\updater.exeJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\es\Util.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\CaByp.CA.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\msvcp120.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PC Privacy Shield\Setup.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PC Privacy Shield\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIBF24.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PC Privacy Shield\fr\Util.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIF9C.tmpJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\fr\PCPrivacyShield.resources.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PC Privacy Shield\es\PCPrivacyShield.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\trialnotification.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PC Privacy Shield\Microsoft.Win32.TaskScheduler.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSID3A1.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PC Privacy Shield\OpacityGuide.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\de\PCPrivacyShield.resources.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PC Privacy Shield\Util.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\Tracking.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\TreeViewFileExplorer.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\msvcp100.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PC Privacy Shield\trialnotification.exeJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIBE68.tmpJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\msvcr100.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PC Privacy Shield\x64\DecryptTool.exeJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\x86\DecryptTool.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIDAFD.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PC Privacy Shield\PdfReader.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIBFA3.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PC Privacy Shield\CaByp.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7256\viewer.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PC Privacy Shield\WcDialog.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PC Privacy Shield\fr\OpacityGuide.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\ja\OpacityGuide.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\de\Util.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\schedc10.exeJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\CaByp.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\System.Data.SQLite.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\Util.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PC Privacy Shield\de\OpacityGuide.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\ja\PCPrivacyShield.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIBFF3.tmpJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIC1E8.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PC Privacy Shield\msvcr100.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIBF54.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PC Privacy Shield\fr\PCPrivacyShield.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\shiBC20.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PC Privacy Shield\ExcelDataReader.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\fr\OpacityGuide.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\msvcp140.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIF6C.tmpJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\de\OpacityGuide.resources.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PC Privacy Shield\ICSharpCode.SharpZipLib.dllJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\PdfReader.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSID86B.tmpJump to dropped file
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-46230
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeAPI coverage: 7.4 %
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeAPI coverage: 8.0 %
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exe TID: 7980Thread sleep time: -922337203685477s >= -30000sJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exe TID: 8176Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exe TID: 1436Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exe TID: 3752Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exe TID: 7620Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exe TID: 6184Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exe TID: 1440Thread sleep time: -11068046444225724s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exe TID: 1440Thread sleep time: -600000s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exe TID: 7500Thread sleep count: 2337 > 30
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exe TID: 1440Thread sleep time: -599875s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exe TID: 7500Thread sleep count: 1323 > 30
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exe TID: 1440Thread sleep time: -599760s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exe TID: 1440Thread sleep time: -599594s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exe TID: 1440Thread sleep time: -599317s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exe TID: 1440Thread sleep time: -599188s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exe TID: 1440Thread sleep time: -598969s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exe TID: 1440Thread sleep time: -598848s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exe TID: 1440Thread sleep time: -598719s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exe TID: 1440Thread sleep time: -598594s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exe TID: 1440Thread sleep time: -598485s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exe TID: 1440Thread sleep time: -598372s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exe TID: 1440Thread sleep time: -598250s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exe TID: 1440Thread sleep time: -598138s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exe TID: 1440Thread sleep time: -598016s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exe TID: 1440Thread sleep time: -597842s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exe TID: 1440Thread sleep time: -597734s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exe TID: 1440Thread sleep time: -597625s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exe TID: 5408Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exe TID: 7552Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exe TID: 8152Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exe TID: 2284Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe TID: 6928Thread sleep time: -33000s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe TID: 7488Thread sleep time: -34000s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe TID: 8480Thread sleep time: -24903104499507879s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe TID: 8480Thread sleep time: -600000s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe TID: 8480Thread sleep time: -599780s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe TID: 8480Thread sleep time: -599624s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe TID: 8480Thread sleep time: -599482s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe TID: 8480Thread sleep time: -599346s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe TID: 8480Thread sleep time: -599220s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe TID: 8480Thread sleep time: -599092s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe TID: 8480Thread sleep time: -598948s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe TID: 8480Thread sleep time: -598779s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe TID: 8480Thread sleep time: -598659s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe TID: 8480Thread sleep time: -598521s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe TID: 8480Thread sleep time: -598393s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe TID: 8480Thread sleep time: -598268s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe TID: 8480Thread sleep time: -598144s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe TID: 8480Thread sleep time: -598025s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe TID: 8480Thread sleep time: -597908s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe TID: 8480Thread sleep time: -597678s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe TID: 8480Thread sleep time: -597553s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe TID: 8480Thread sleep time: -597423s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe TID: 8480Thread sleep time: -597300s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe TID: 8480Thread sleep time: -597174s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe TID: 8480Thread sleep time: -597059s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe TID: 8480Thread sleep time: -596940s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe TID: 8480Thread sleep time: -596815s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe TID: 8480Thread sleep time: -596690s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe TID: 8480Thread sleep time: -596565s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe TID: 8480Thread sleep time: -596440s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe TID: 8480Thread sleep time: -596325s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe TID: 8480Thread sleep time: -596206s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe TID: 8480Thread sleep time: -596081s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe TID: 8480Thread sleep time: -595955s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe TID: 8480Thread sleep time: -595830s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe TID: 8480Thread sleep time: -595705s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe TID: 8480Thread sleep time: -595580s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe TID: 8480Thread sleep time: -595455s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe TID: 8480Thread sleep time: -595330s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe TID: 8480Thread sleep time: -595215s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe TID: 8480Thread sleep time: -595085s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe TID: 8480Thread sleep time: -594881s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe TID: 8480Thread sleep time: -594752s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe TID: 8480Thread sleep time: -594627s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe TID: 8480Thread sleep time: -594502s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe TID: 8480Thread sleep time: -594376s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\TaskTools.exe TID: 7616Thread sleep count: 258 > 30
Source: C:\Program Files (x86)\PC Privacy Shield\TaskTools.exe TID: 6616Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe TID: 7848Thread sleep count: 273 > 30
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe TID: 7848Thread sleep count: 227 > 30
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe TID: 7292Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe TID: 6536Thread sleep count: 201 > 30
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe TID: 6584Thread sleep count: 99 > 30
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe TID: 1720Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe TID: 8828Thread sleep count: 179 > 30
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe TID: 8764Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe TID: 8180Thread sleep count: 289 > 30
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe TID: 6548Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile Volume queried: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile Volume queried: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile Volume queried: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile Volume queried: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile Volume queried: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile Volume queried: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile Volume queried: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile Volume queried: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile Volume queried: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile Volume queried: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile Volume queried: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile Volume queried: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile Volume queried: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile Volume queried: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile Volume queried: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile Volume queried: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile Volume queried: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile Volume queried: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile Volume queried: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile Volume queried: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile Volume queried: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile Volume queried: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile Volume queried: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile Volume queried: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile Volume queried: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile Volume queried: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile Volume queried: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile Volume queried: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile Volume queried: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile Volume queried: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile Volume queried: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile Volume queried: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile Volume queried: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile Volume queried: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile Volume queried: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile Volume queried: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile Volume queried: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile Volume queried: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile Volume queried: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile Volume queried: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile Volume queried: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile Volume queried: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile Volume queried: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile Volume queried: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile Volume queried: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile Volume queried: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile Volume queried: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile Volume queried: C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00D027F0 ReadFile,FindFirstFileW,FindClose,CreateEventW,CreateThread,WaitForSingleObject,GetExitCodeThread,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,0_2_00D027F0
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00CDC9A0 FindFirstFileW,GetLastError,FindClose,0_2_00CDC9A0
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00CDC040 _wcsrchr,FindFirstFileW,FindFirstFileW,FindFirstFileW,FindClose,FindClose,_wcsrchr,0_2_00CDC040
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00BE11B0 FindClose,PathIsUNCW,FindFirstFileW,GetFullPathNameW,GetFullPathNameW,FindClose,SetLastError,_wcsrchr,_wcsrchr,PathIsUNCW,0_2_00BE11B0
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00CC1130 GetShortPathNameW,FindFirstFileW,FindNextFileW,FindClose,0_2_00CC1130
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00CDE270 FindFirstFileW,FindClose,0_2_00CDE270
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00CDC3D0 FindFirstFileW,GetFileAttributesW,SetFileAttributesW,GetFileAttributesW,FindNextFileW,0_2_00CDC3D0
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00D208C0 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,FindNextFileW,FindClose,0_2_00D208C0
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 3_2_00CDBDB0 _wcsrchr,_wcsrchr,FindFirstFileW,FindFirstFileW,FindFirstFileW,FindClose,FindClose,_wcsrchr,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,GetFileAttributesW,SetFileAttributesW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,3_2_00CDBDB0
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00D76840 GetCurrentProcess,GetProcessAffinityMask,GetSystemInfo,GetModuleHandleA,GetProcAddress,GlobalMemoryStatusEx,GlobalMemoryStatus,0_2_00D76840
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeThread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeThread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeThread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeThread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeThread delayed: delay time: 600000
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeThread delayed: delay time: 599875
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeThread delayed: delay time: 599760
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeThread delayed: delay time: 599594
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeThread delayed: delay time: 599317
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeThread delayed: delay time: 599188
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeThread delayed: delay time: 598969
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeThread delayed: delay time: 598848
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeThread delayed: delay time: 598719
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeThread delayed: delay time: 598594
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeThread delayed: delay time: 598485
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeThread delayed: delay time: 598372
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeThread delayed: delay time: 598250
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeThread delayed: delay time: 598138
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeThread delayed: delay time: 598016
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeThread delayed: delay time: 597842
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeThread delayed: delay time: 597734
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeThread delayed: delay time: 597625
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeThread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeThread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeThread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 600000
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 599780
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 599624
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 599482
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 599346
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 599220
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 599092
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 598948
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 598779
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 598659
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 598521
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 598393
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 598268
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 598144
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 598025
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 597908
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 597678
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 597553
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 597423
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 597300
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 597174
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 597059
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 596940
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 596815
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 596690
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 596565
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 596440
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 596325
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 596206
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 596081
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 595955
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 595830
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 595705
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 595580
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 595455
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 595330
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 595215
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 595085
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 594881
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 594752
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 594627
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 594502
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 594376
Source: C:\Program Files (x86)\PC Privacy Shield\TaskTools.exeThread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeThread delayed: delay time: 922337203685477
Source: InstAct.exe, 0000000F.00000002.1982764222.000000000076A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllu
Source: PCPrivacyShield.exe, 00000015.00000002.2039193870.0000000003055000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmware
Source: chrome.exe, 00000017.00000002.4221861331.00001D6003E04000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ~]lx{tn~lzyqeMu{_tvwpd
Source: chrome.exe, 00000017.00000002.4212338065.00001D6002C74000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: USB device added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=451a1c23-008d-4f3b-a011-618091986f8d
Source: TaskTools.exe, 00000014.00000002.1994705612.00000000012DF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}`$%
Source: PCPrivacyShield.exe, 00000013.00000002.4183416576.0000000000FD6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllk
Source: TaskTools.exe, 00000014.00000002.1994705612.00000000012DF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\l.dll
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.0000000004290000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: HKEY_USERSRegOpenKeyTransactedW::NetUserGetInfo() failed with error: \@invalid string_view positionVMware, Inc.VMware Virtual PlatformVMware7,1innotek GmbHVirtualBoxMicrosoft CorporationVirtual MachineVRTUALACRSYSA M IGetting system informationManufacturer [Model [BIOS [\\?\UNC\\\?\shim_clone%d.%d.%d.%dDllGetVersion[%!]%!ProgramFilesFolderCommonFilesFolderDesktopFolderAllUsersDesktopFolderAppDataFolderFavoritesFolderStartMenuFolderProgramMenuFolderStartupFolderFontsFolderLocalAppDataFolderCommonAppDataFolderProgramFiles64FolderProgramFilesProgramW6432SystemFolderSystem32FolderWindowsFolderWindowsVolumeTempFolderSETUPEXEDIRshfolder.dllSHGetFolderPathWProgramFilesAPPDATAPROGRAMFILES&+
Source: InstAct.exe, 0000000B.00000002.1897935406.0000000000D42000.00000004.00000020.00020000.00000000.sdmp, InstAct.exe, 0000000E.00000002.1942206234.0000000001026000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000017.00000002.4194067287.0000026298637000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Windows\System32\msiexec.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00D950F3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00D950F3
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00CDFF30 LoadLibraryW,GetProcAddress,FreeLibrary,0_2_00CDFF30
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00DAA0DB mov eax, dword ptr fs:[00000030h]0_2_00DAA0DB
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00DAA11F mov eax, dword ptr fs:[00000030h]0_2_00DAA11F
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00D9B5D7 mov ecx, dword ptr fs:[00000030h]0_2_00D9B5D7
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00D8F9A7 mov esi, dword ptr fs:[00000030h]0_2_00D8F9A7
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 3_2_00DAA0DB mov eax, dword ptr fs:[00000030h]3_2_00DAA0DB
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 3_2_00DAA11F mov eax, dword ptr fs:[00000030h]3_2_00DAA11F
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 3_2_00D9B5D7 mov ecx, dword ptr fs:[00000030h]3_2_00D9B5D7
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 3_2_00D8F9A7 mov esi, dword ptr fs:[00000030h]3_2_00D8F9A7
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00D8FA13 GetProcessHeap,HeapAlloc,GetProcessHeap,HeapFree,0_2_00D8FA13
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess token adjusted: Debug
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess token adjusted: Debug
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess token adjusted: Debug
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeProcess token adjusted: Debug
Source: C:\Program Files (x86)\PC Privacy Shield\TaskTools.exeProcess token adjusted: Debug
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeProcess token adjusted: Debug
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeProcess token adjusted: Debug
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\PC Privacy Shield\InstAct.exe "C:\Program Files (x86)\PC Privacy Shield\InstAct.exe" installJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00BFB0B0 __set_se_translator,SetUnhandledExceptionFilter,0_2_00BFB0B0
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00D950F3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00D950F3
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00D90536 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00D90536
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00BFDA20 __set_se_translator,SetUnhandledExceptionFilter,0_2_00BFDA20
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 3_2_00BFB0B0 __set_se_translator,SetUnhandledExceptionFilter,3_2_00BFB0B0
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 3_2_00D950F3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00D950F3
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 3_2_00D90536 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00D90536
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 3_2_00BFDA20 __set_se_translator,SetUnhandledExceptionFilter,3_2_00BFDA20
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeMemory allocated: page read and write | page guardJump to behavior

HIPS / PFW / Operating System Protection Evasion

barindex
.NET source code references suspicious native API functions
Source: Bsm.dll.0.dr, Basem.csReference to suspicious API methods: Kernel32.OpenProcess(ProcessAccessFlags.DuplicateHandle, bInheritHandle: true, (uint)targetPid)
Source: Microsoft.Deployment.WindowsInstaller.dll.0.dr, Installer.csReference to suspicious API methods: NativeMethods.LoadLibraryEx(modulePath, IntPtr.Zero, 2u)
Source: Microsoft.Deployment.WindowsInstaller.dll.0.dr, Installer.csReference to suspicious API methods: NativeMethods.FindResourceEx(intPtr, new IntPtr(10), new IntPtr(errorNumber), (ushort)num)
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00CC4260 CreateFileW,CloseHandle,WriteFile,CloseHandle,ShellExecuteExW,0_2_00CC4260
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeProcess created: C:\Users\user\Desktop\PCPrivacyShieldSetup.exe "C:\Users\user\Desktop\PCPrivacyShieldSetup.exe" /i "C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\PCPrivacyShield.msi" /L*v "C:\Users\user\AppData\Roaming\\PC Privacy Shield\PC Privacy Shield 4.9.8\install\installlog.txt" AI_EUIMSI=1 APPDIR="C:\Program Files (x86)\PC Privacy Shield" SHORTCUTDIR="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Privacy Shield" SECONDSEQUENCE="1" CLIENTPROCESSID="7256" AI_MORE_CMD_LINE=1Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe "C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe" startscan "C:\Users\user\Desktop\PCPrivacyShieldSetup.exe"Jump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=
Source: C:\Program Files (x86)\PC Privacy Shield\TaskTools.exeProcess created: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe "C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe"
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeProcess created: C:\Users\user\Desktop\PCPrivacyShieldSetup.exe "c:\users\user\desktop\pcprivacyshieldsetup.exe" /i "c:\users\user\appdata\roaming\pc privacy shield\pc privacy shield 4.9.8\install\12f779e\pcprivacyshield.msi" /l*v "c:\users\user\appdata\roaming\\pc privacy shield\pc privacy shield 4.9.8\install\installlog.txt" ai_euimsi=1 appdir="c:\program files (x86)\pc privacy shield" shortcutdir="c:\programdata\microsoft\windows\start menu\programs\pc privacy shield" secondsequence="1" clientprocessid="7256" ai_more_cmd_line=1
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeProcess created: C:\Users\user\Desktop\PCPrivacyShieldSetup.exe "c:\users\user\desktop\pcprivacyshieldsetup.exe" /i "c:\users\user\appdata\roaming\pc privacy shield\pc privacy shield 4.9.8\install\12f779e\pcprivacyshield.msi" /l*v "c:\users\user\appdata\roaming\\pc privacy shield\pc privacy shield 4.9.8\install\installlog.txt" ai_euimsi=1 appdir="c:\program files (x86)\pc privacy shield" shortcutdir="c:\programdata\microsoft\windows\start menu\programs\pc privacy shield" secondsequence="1" clientprocessid="7256" ai_more_cmd_line=1Jump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00CDE790 GetCurrentProcess,OpenProcessToken,GetLastError,GetTokenInformation,GetTokenInformation,GetLastError,GetTokenInformation,AllocateAndInitializeSid,EqualSid,FreeSid,GetLastError,CloseHandle,0_2_00CDE790
Source: PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmp, InstAct.exe, InstAct.exe, 00000007.00000002.1843409932.0000000002B38000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 00000007.00000002.1845762757.0000000007D9A000.00000002.00000001.01000000.0000000F.sdmpBinary or memory string: Shell_TrayWnd
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7256\installer_1.jpg VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7256\installer_1.jpg VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7256\installer_2.jpg VolumeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\InstAct.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\Setup.dll VolumeInformationJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\Tracking.dll VolumeInformationJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\Util.dll VolumeInformationJump to behavior
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\InstAct.exe VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\Setup.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\Util.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\InstAct.exe VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\Setup.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\Tracking.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\Util.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\InstAct.exe VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\Setup.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\Tracking.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\Util.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\InstAct.exe VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\Setup.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\Tracking.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\Util.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\InstAct.exe VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\Setup.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\Tracking.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\Util.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\Microsoft.Win32.TaskScheduler.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\InstAct.exe VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\Setup.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\Tracking.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\Util.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\InstAct.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\Microsoft.Win32.TaskScheduler.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\Setup.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\Perpetuum.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\Microsoft.Win32.TaskScheduler.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\Tracking.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\OpacityGuide.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\System.Data.SQLite.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\System.Data.SQLite.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\System.Data.SQLite.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\Bsm.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\TaskTools.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\TaskTools.exe VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\TaskTools.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\Microsoft.Win32.TaskScheduler.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\Setup.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\Util.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\Perpetuum.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\Microsoft.Win32.TaskScheduler.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\Setup.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\Util.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\Perpetuum.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\Microsoft.Win32.TaskScheduler.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\Setup.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\Util.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\Perpetuum.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\Microsoft.Win32.TaskScheduler.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\Setup.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\Util.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\Perpetuum.dll VolumeInformation
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeQueries volume information: C:\Program Files (x86)\PC Privacy Shield\Microsoft.Win32.TaskScheduler.dll VolumeInformation
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00D0F8F0 InitializeCriticalSection,EnterCriticalSection,WriteFile,FlushFileBuffers,WriteFile,FlushFileBuffers,WriteFile,FlushFileBuffers,WriteFile,FlushFileBuffers,LeaveCriticalSection,GetLocalTime,0_2_00D0F8F0
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeCode function: 0_2_00BC7480 GetVersionExW,GetVersionExW,GetVersionExW,IsProcessorFeaturePresent,0_2_00BC7480
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
Source: C:\Users\user\Desktop\PCPrivacyShieldSetup.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 BlobJump to behavior

Stealing of Sensitive Information

barindex
Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-wal
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
Source: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire Infrastructure1
Replication Through Removable Media		1
Windows Management Instrumentation		1
DLL Side-Loading		1
Exploitation for Privilege Escalation		21
Disable or Modify Tools		1
OS Credential Dumping		1
System Time Discovery		Remote Services11
Archive Collected Data		1
Ingress Tool Transfer		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault Accounts12
Native API		1
DLL Search Order Hijacking		1
DLL Side-Loading		11
Deobfuscate/Decode Files or Information		LSASS Memory11
Peripheral Device Discovery		Remote Desktop Protocol1
Data from Local System		11
Encrypted Channel		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain Accounts1
Command and Scripting Interpreter		11
Scheduled Task/Job		1
DLL Search Order Hijacking		3
Obfuscated Files or Information		Security Account Manager3
File and Directory Discovery		SMB/Windows Admin Shares1
Screen Capture		3
Non-Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal Accounts11
Scheduled Task/Job		11
Registry Run Keys / Startup Folder		12
Process Injection		2
Software Packing		NTDS28
System Information Discovery		Distributed Component Object ModelInput Capture4
Application Layer Protocol		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script11
Scheduled Task/Job		1
Timestomp		LSA Secrets1
Query Registry		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC Scripts11
Registry Run Keys / Startup Folder		1
DLL Side-Loading		Cached Domain Credentials131
Security Software Discovery		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
DLL Search Order Hijacking		DCSync3
Process Discovery		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
File Deletion		Proc Filesystem41
Virtualization/Sandbox Evasion		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt22
Masquerading		/etc/passwd and /etc/shadow1
Application Window Discovery		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron41
Virtualization/Sandbox Evasion		Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd12
Process Injection		Input CaptureSystem Network Connections DiscoverySoftware Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1545595 Sample: PCPrivacyShieldSetup.exe Startdate: 30/10/2024 Architecture: WINDOWS Score: 34 60 pps.shieldappsverify.com 2->60 76 Multi AV Scanner detection for dropped file 2->76 78 .NET source code references suspicious native API functions 2->78 80 PE file contains section with special chars 2->80 82 PE file has nameless sections 2->82 9 PCPrivacyShieldSetup.exe 123 2->9         started        13 msiexec.exe 155 118 2->13         started        15 TaskTools.exe 2->15         started        17 3 other processes 2->17 signatures3 process4 file5 44 C:\Users\user\AppData\...\DecryptTool.exe, PE32 9->44 dropped 46 C:\Users\user\AppData\...\DecryptTool.exe, PE32+ 9->46 dropped 48 C:\Users\user\AppData\Roaming\...\updater.exe, PE32 9->48 dropped 56 58 other files (50 malicious) 9->56 dropped 84 Installs Task Scheduler Managed Wrapper 9->84 19 PCPrivacyShieldSetup.exe 6 9->19         started        50 C:\Windows\Installer\MSIE485.tmp, PE32 13->50 dropped 52 C:\Windows\Installer\MSIDB5C.tmp, PE32 13->52 dropped 54 C:\Windows\Installer\MSIDAFD.tmp, PE32 13->54 dropped 58 57 other files (40 malicious) 13->58 dropped 22 msiexec.exe 1 13->22         started        24 InstAct.exe 13->24         started        26 InstAct.exe 13->26         started        31 7 other processes 13->31 29 PCPrivacyShield.exe 15->29         started        signatures6 process7 dnsIp8 42 C:\Users\user\AppData\Local\...\shiD063.tmp, PE32+ 19->42 dropped 33 PCPrivacyShield.exe 22->33         started        36 chrome.exe 24->36         started        72 pps.shieldappsverify.com 149.210.194.253, 443, 49738, 49740 TRANSIP-ASAmsterdamtheNetherlandsNL Netherlands 26->72 file9 process10 dnsIp11 74 Tries to harvest and steal browser information (history, passwords, etc) 33->74 62 192.168.2.4, 138, 443, 49240 unknown unknown 36->62 64 239.255.255.250 unknown Reserved 36->64 39 chrome.exe 36->39         started        signatures12 process13 dnsIp14 66 shieldapps.com 50.87.253.110, 443, 49750, 49751 UNIFIEDLAYER-AS-1US United States 39->66 68 142.250.185.100, 443, 49771 GOOGLEUS United States 39->68 70 5 other IPs or domains 39->70

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
PCPrivacyShieldSetup.exe3%ReversingLabs

Dropped Files

SourceDetectionScannerLabelLink
C:\Program Files (x86)\PC Privacy Shield\Armt.exe3%ReversingLabs
C:\Program Files (x86)\PC Privacy Shield\BouncyCastle.Crypto.dll0%ReversingLabs
C:\Program Files (x86)\PC Privacy Shield\Bsm.dll4%ReversingLabs
C:\Program Files (x86)\PC Privacy Shield\CaByp.CA.dll0%ReversingLabs
C:\Program Files (x86)\PC Privacy Shield\CaByp.dll3%ReversingLabs
C:\Program Files (x86)\PC Privacy Shield\ExcelDataReader.dll0%ReversingLabs
C:\Program Files (x86)\PC Privacy Shield\ICSharpCode.SharpZipLib.dll0%ReversingLabs
C:\Program Files (x86)\PC Privacy Shield\InstAct.exe3%ReversingLabs
C:\Program Files (x86)\PC Privacy Shield\Microsoft.Deployment.WindowsInstaller.dll0%ReversingLabs
C:\Program Files (x86)\PC Privacy Shield\Microsoft.Win32.TaskScheduler.dll0%ReversingLabs
C:\Program Files (x86)\PC Privacy Shield\Newtonsoft.Json.dll0%ReversingLabs
C:\Program Files (x86)\PC Privacy Shield\OpacityGuide.dll3%ReversingLabs
C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe21%ReversingLabsWin32.Trojan.Generic
C:\Program Files (x86)\PC Privacy Shield\PdfReader.dll0%ReversingLabs
C:\Program Files (x86)\PC Privacy Shield\Perpetuum.dll3%ReversingLabs
C:\Program Files (x86)\PC Privacy Shield\Setup.dll3%ReversingLabs
C:\Program Files (x86)\PC Privacy Shield\System.Data.SQLite.dll0%ReversingLabs
C:\Program Files (x86)\PC Privacy Shield\TaskTools.exe3%ReversingLabs
C:\Program Files (x86)\PC Privacy Shield\Tracking.dll3%ReversingLabs
C:\Program Files (x86)\PC Privacy Shield\TreeViewFileExplorer.dll0%ReversingLabs
C:\Program Files (x86)\PC Privacy Shield\Util.dll3%ReversingLabs
C:\Program Files (x86)\PC Privacy Shield\WcDialog.exe0%ReversingLabs
C:\Program Files (x86)\PC Privacy Shield\de\OpacityGuide.resources.dll0%ReversingLabs
C:\Program Files (x86)\PC Privacy Shield\de\PCPrivacyShield.resources.dll0%ReversingLabs
C:\Program Files (x86)\PC Privacy Shield\de\Util.resources.dll0%ReversingLabs
C:\Program Files (x86)\PC Privacy Shield\es\OpacityGuide.resources.dll0%ReversingLabs
C:\Program Files (x86)\PC Privacy Shield\es\PCPrivacyShield.resources.dll0%ReversingLabs
C:\Program Files (x86)\PC Privacy Shield\es\Util.resources.dll0%ReversingLabs
C:\Program Files (x86)\PC Privacy Shield\fr\OpacityGuide.resources.dll0%ReversingLabs
C:\Program Files (x86)\PC Privacy Shield\fr\PCPrivacyShield.resources.dll0%ReversingLabs
C:\Program Files (x86)\PC Privacy Shield\fr\Util.resources.dll0%ReversingLabs
C:\Program Files (x86)\PC Privacy Shield\ja\OpacityGuide.resources.dll0%ReversingLabs
C:\Program Files (x86)\PC Privacy Shield\ja\PCPrivacyShield.resources.dll0%ReversingLabs
C:\Program Files (x86)\PC Privacy Shield\msvcp100.dll0%ReversingLabs
C:\Program Files (x86)\PC Privacy Shield\msvcp120.dll0%ReversingLabs
C:\Program Files (x86)\PC Privacy Shield\msvcp140.dll0%ReversingLabs
C:\Program Files (x86)\PC Privacy Shield\msvcr100.dll0%ReversingLabs
C:\Program Files (x86)\PC Privacy Shield\msvcr120.dll0%ReversingLabs
C:\Program Files (x86)\PC Privacy Shield\schedc10.exe3%ReversingLabs
C:\Program Files (x86)\PC Privacy Shield\trialnotification.exe3%ReversingLabs
C:\Program Files (x86)\PC Privacy Shield\updater.exe0%ReversingLabs
C:\Program Files (x86)\PC Privacy Shield\vcruntime140.dll0%ReversingLabs
C:\Program Files (x86)\PC Privacy Shield\x64\DecryptTool.exe3%ReversingLabs
C:\Program Files (x86)\PC Privacy Shield\x86\DecryptTool.exe3%ReversingLabs
C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7256\NetFirewall.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7256\lzmaextractor.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7256\viewer.exe0%ReversingLabs
C:\Users\user\AppData\Local\Temp\MSIBCBD.tmp0%ReversingLabs
C:\Users\user\AppData\Local\Temp\MSIBD3B.tmp0%ReversingLabs
C:\Users\user\AppData\Local\Temp\MSIBDF8.tmp0%ReversingLabs
C:\Users\user\AppData\Local\Temp\MSIBE18.tmp0%ReversingLabs
C:\Users\user\AppData\Local\Temp\MSIBE48.tmp0%ReversingLabs
C:\Users\user\AppData\Local\Temp\MSIBE68.tmp0%ReversingLabs
C:\Users\user\AppData\Local\Temp\MSIBF24.tmp0%ReversingLabs
C:\Users\user\AppData\Local\Temp\MSIBF54.tmp0%ReversingLabs
C:\Users\user\AppData\Local\Temp\MSIBFA3.tmp0%ReversingLabs
C:\Users\user\AppData\Local\Temp\MSIBFF3.tmp0%ReversingLabs
C:\Users\user\AppData\Local\Temp\MSIC1E8.tmp0%ReversingLabs
C:\Users\user\AppData\Local\Temp\MSIF6C.tmp0%ReversingLabs
C:\Users\user\AppData\Local\Temp\MSIF9C.tmp0%ReversingLabs
C:\Users\user\AppData\Local\Temp\shiBC20.tmp0%ReversingLabs
C:\Users\user\AppData\Local\Temp\shiD063.tmp0%ReversingLabs
C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\Armt.exe3%ReversingLabs
C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\BouncyCastle.Crypto.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\Bsm.dll4%ReversingLabs
C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\CaByp.CA.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\CaByp.dll3%ReversingLabs
C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\ExcelDataReader.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\ICSharpCode.SharpZipLib.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\InstAct.exe3%ReversingLabs
C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\Microsoft.Deployment.WindowsInstaller.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\Microsoft.Win32.TaskScheduler.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\Newtonsoft.Json.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\OpacityGuide.dll3%ReversingLabs
C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\PCPrivacyShield.exe21%ReversingLabsWin32.Trojan.Generic
C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\PdfReader.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\Perpetuum.dll3%ReversingLabs
C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\Setup.dll3%ReversingLabs
C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\System.Data.SQLite.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\TaskTools.exe3%ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://duckduckgo.com/chrome_newtab0%URL Reputationsafe
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl00%URL Reputationsafe
http://anglebug.com/46330%URL Reputationsafe
http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0#0%URL Reputationsafe
https://anglebug.com/73820%URL Reputationsafe
https://issuetracker.google.com/2844622630%URL Reputationsafe
http://www.fontbureau.com/designers0%URL Reputationsafe
https://anglebug.com/77140%URL Reputationsafe
http://anglebug.com/62480%URL Reputationsafe
http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
http://anglebug.com/69290%URL Reputationsafe
http://www.zhongyicts.com.cn0%URL Reputationsafe
http://anglebug.com/52810%URL Reputationsafe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
https://issuetracker.google.com/2554117480%URL Reputationsafe
https://anglebug.com/72460%URL Reputationsafe
https://anglebug.com/73690%URL Reputationsafe
https://anglebug.com/74890%URL Reputationsafe
https://issuetracker.google.com/1619030060%URL Reputationsafe
https://www.ecosia.org/newtab/0%URL Reputationsafe
http://www.carterandcone.coml0%URL Reputationsafe
http://anglebug.com/30780%URL Reputationsafe
http://anglebug.com/75530%URL Reputationsafe
http://anglebug.com/53750%URL Reputationsafe
http://anglebug.com/53710%URL Reputationsafe
http://anglebug.com/47220%URL Reputationsafe
http://anglebug.com/75560%URL Reputationsafe
https://chromewebstore.google.com/0%URL Reputationsafe
http://anglebug.com/66920%URL Reputationsafe
https://issuetracker.google.com/2582074030%URL Reputationsafe
http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
http://ocsp.sectigo.com00%URL Reputationsafe
http://anglebug.com/35020%URL Reputationsafe
http://anglebug.com/36230%URL Reputationsafe
http://anglebug.com/36250%URL Reputationsafe
http://anglebug.com/36240%URL Reputationsafe
http://anglebug.com/50070%URL Reputationsafe
http://anglebug.com/38620%URL Reputationsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
pps.shieldappsverify.com
149.210.194.253
truefalse
    		unknown
    code.jquery.com
    		151.101.194.137
    		truefalse
      		unknown
      www.google.com
      		142.250.186.164
      		truefalse
        		unknown
        analytics.google.com
        		142.250.186.110
        		truefalse
          		unknown
          td.doubleclick.net
          		142.250.186.162
          		truefalse
            		unknown
            shieldapps.com
            		50.87.253.110
            		truefalse
              		unknown
              stats.g.doubleclick.net
              		74.125.133.154
              		truefalse
                		unknown

                Contacted URLs

                NameMaliciousAntivirus DetectionReputation
                https://shieldapps.com/wp-content/themes/shield-apps2/js/skip-link-focus-fix.js?ver=20151215false
                  		unknown
                  https://shieldapps.com/wp-content/themes/shield-apps2/css/slick.css?ver=6.6.2false
                    		unknown
                    https://shieldapps.com/wp-content/uploads/2015/06/box-identity-theft-preventer1.pngfalse
                      		unknown
                      https://shieldapps.com/wp-content/themes/shield-apps2/images/shield-apps-logo.pngfalse
                        		unknown
                        https://shieldapps.com/wp-content/uploads/2016/03/box-ransomware-defender1.pngfalse
                          		unknown
                          https://shieldapps.com/wp-includes/css/dist/block-library/style.min.css?ver=6.6.2false
                            		unknown
                            https://shieldapps.com/wp-content/uploads/2020/03/box-vpn1.pngfalse
                              		unknown
                              https://shieldapps.com/wp-content/uploads/complianz/css/banner-1-optout.css?v=30false
                                		unknown
                                https://shieldapps.com/wp-content/plugins/complianz-gdpr-premium/cookiebanner/js/complianz.min.js?ver=1720730544false
                                  		unknown
                                  https://shieldapps.com/wp-content/themes/shield-apps2/images/about-bkg.jpgfalse
                                    		unknown

                                    URLs from Memory and Binaries

                                    NameSourceMaliciousAntivirus DetectionReputation
                                    https://td.doubleclick.net/td/ga/rul?tid=G-V0DL3XBK82&gacid=1954789622.1730307161&gtm=45Pe4as0v89616chrome.exe, 00000017.00000002.4211891400.00001D6002BAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000002.4207489483.00001D60024E0000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		unknown
                                      https://duckduckgo.com/chrome_newtabchrome.exe, 00000017.00000002.4210881976.00001D60029F0000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      http://crl.sectigo.com/SectigoPublicCodeSignivl~PCPrivacyShieldSetup.exe, 00000000.00000002.1969508218.0000000006625000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		unknown
                                        https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditingchrome.exe, 00000017.00000002.4205508309.00001D6002278000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		unknown
                                          https://shieldapps.com/90dd1f3f-be22-409e-a4ce-2fbab89593adgeHandlerchrome.exe, 00000017.00000002.4214406203.00001D6002F14000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		unknown
                                            http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000074AC000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.000000000778B000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.00000000044B5000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000002.1969508218.0000000006625000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.0000000004290000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000071FD000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1929595718.000000000135C000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000002.1930451926.000000000135E000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://crl.sectigo.com/SectigoPublicCodeSigniPCPrivacyShieldSetup.exe, 00000003.00000003.1929595718.000000000135C000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000002.1930451926.000000000135E000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		unknown
                                              http://anglebug.com/4633chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0#PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000074AC000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.000000000778B000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.00000000044B5000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.0000000004290000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000071FD000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1767804983.00000000044B1000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000002.1931797641.00000000044B7000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1928662615.00000000044B6000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1929595718.000000000135C000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1767936999.00000000044B5000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000002.1930451926.000000000135E000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              https://anglebug.com/7382chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              https://issuetracker.google.com/284462263chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              http://scp.e2c3h1y.info/dbvercheck/check_f1.phpInstAct.exe, 00000007.00000002.1843409932.0000000002B29000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000A.00000002.1860099028.0000000003017000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000B.00000002.1898806369.0000000002A5C000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000E.00000002.1943989651.0000000002C4C000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000F.00000002.2010871467.000000000261C000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 00000011.00000002.1938221449.000000000282C000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 00000012.00000002.1944193693.000000000292C000.00000004.00000800.00020000.00000000.sdmp, PCPrivacyShield.exe, 00000013.00000002.4194644871.0000000002F61000.00000004.00000800.00020000.00000000.sdmp, TaskTools.exe, 00000014.00000002.1998769025.0000000002FAC000.00000004.00000800.00020000.00000000.sdmp, PCPrivacyShield.exe, 00000015.00000002.2039193870.0000000003055000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		unknown
                                                https://docs.google.com/spreadsheets/installwebapp?usp=chrome_defaultheelchrome.exe, 00000017.00000002.4207432841.00001D60024C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		unknown
                                                  https://shieldapps.com/supportmain/product_support/InstAct.exe, 00000007.00000002.1843409932.0000000002B29000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000A.00000002.1860099028.0000000003017000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000B.00000002.1898806369.0000000002A5C000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000E.00000002.1943989651.0000000002C4C000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000F.00000002.2010871467.000000000261C000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 00000011.00000002.1938221449.000000000282C000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 00000012.00000002.1944193693.000000000292C000.00000004.00000800.00020000.00000000.sdmp, PCPrivacyShield.exe, 00000013.00000002.4194644871.0000000002F61000.00000004.00000800.00020000.00000000.sdmp, TaskTools.exe, 00000014.00000002.1998769025.0000000002FAC000.00000004.00000800.00020000.00000000.sdmp, PCPrivacyShield.exe, 00000015.00000002.2039193870.0000000003055000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		unknown
                                                    http://www.fontbureau.com/designersPCPrivacyShield.exe, 00000013.00000002.4560769217.00000000104F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTEklychrome.exe, 00000017.00000002.4210805359.00001D60029CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000002.4210989560.00001D6002A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000002.4208615088.00001D60026B0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		unknown
                                                      http://dns-tunnel-check.googlezip.net/connectchrome.exe, 00000017.00000002.4217928603.00001D60035F0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		unknown
                                                        https://crbug.com/368855.)chrome.exe, 00000017.00000003.2131077220.00001D6002494000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.2078314892.00001D6002494000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		unknown
                                                          https://shieldapps.com/xmlrpc.phpchrome.exe, 00000017.00000003.2066240499.00001D6002E80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000002.4206461158.00001D600235C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		unknown
                                                            https://anglebug.com/7714chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            https://shieldapps.com/bserverchrome.exe, 00000017.00000002.4211044615.00001D6002A2C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		unknown
                                                              https://td.doubleclick.net/chrome.exe, 00000017.00000002.4218137838.00001D600365C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		unknown
                                                                https://taskscheduler.codeplex.com/H&PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmp, InstAct.exe, 00000011.00000002.1939481330.0000000005E6A000.00000002.00000001.01000000.00000012.sdmp, PCPrivacyShield.exe, 00000015.00000002.2039193870.0000000003102000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		unknown
                                                                  https://shieldapps.comchrome.exe, 00000017.00000002.4216574035.00001D60031A5000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.2277253893.00001D6002E64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000002.4215918809.00001D60030B0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		unknown
                                                                    https://docs.google.com/document/u/0/create?usp=chrome_actionsAchrome.exe, 00000017.00000002.4210989560.00001D6002A0C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		unknown
                                                                      http://wixtoolset.orgPCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                        		unknown
                                                                        http://unisolated.invalid/chrome.exe, 00000017.00000002.4211891400.00001D6002BAC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		unknown
                                                                          https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=1chrome.exe, 00000017.00000002.4220969629.00001D6003C19000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		unknown
                                                                            http://anglebug.com/6248chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            		unknown
                                                                            http://www.galapagosdesign.com/DPleasePCPrivacyShield.exe, 00000013.00000002.4560769217.00000000104F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            		unknown
                                                                            http://clients3.google.com/generate_204PCPrivacyShield.exe, 00000015.00000002.2039193870.0000000003055000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		unknown
                                                                              http://anglebug.com/6929chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              		unknown
                                                                              http://www.zhongyicts.com.cnPCPrivacyShield.exe, 00000013.00000002.4560769217.00000000104F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              		unknown
                                                                              https://www.google.com/accounts/OAuthLogin?issueuberauth=1chrome.exe, 00000017.00000003.3629543495.00001D6004490000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		unknown
                                                                                https://shieldapps.com/uDchrome.exe, 00000017.00000003.2277253893.00001D6002E64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.2183800270.00001D6002E64000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  		unknown
                                                                                  http://anglebug.com/5281chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameInstAct.exe, 0000000B.00000002.1898806369.0000000002ADD000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000E.00000002.1943989651.0000000002D02000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000F.00000002.2010871467.000000000261C000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 00000011.00000002.1938221449.000000000281B000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 00000012.00000002.1944193693.000000000292C000.00000004.00000800.00020000.00000000.sdmp, PCPrivacyShield.exe, 00000013.00000002.4194644871.0000000002FC1000.00000004.00000800.00020000.00000000.sdmp, PCPrivacyShield.exe, 00000015.00000002.2039193870.00000000031B8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  https://issuetracker.google.com/255411748chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  https://csp.withgoogle.com/csp/analytics-container-tag-servingCross-Origin-Resource-Policy:chrome.exe, 00000017.00000002.4216574035.00001D60031A5000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.2167094296.00001D600253C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		unknown
                                                                                    https://docs.google.com/document/u/0/create?usp=chrome_actionschrome.exe, 00000017.00000002.4210805359.00001D60029CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000002.4210989560.00001D6002A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000002.4208615088.00001D60026B0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		unknown
                                                                                      https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.pchrome.exe, 00000017.00000003.3629543495.00001D6004490000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        		unknown
                                                                                        https://anglebug.com/7246chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        		unknown
                                                                                        https://anglebug.com/7369chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        		unknown
                                                                                        https://anglebug.com/7489chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        		unknown
                                                                                        https://duckduckgo.com/?q=chrome.exe, 00000017.00000002.4210881976.00001D60029F0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          		unknown
                                                                                          https://chrome.google.com/webstorechrome.exe, 00000017.00000003.2043258407.00001D6002E98000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		unknown
                                                                                            https://payments.google.com/payments/v4/js/integrator.jschrome.exe, 00000017.00000003.3629543495.00001D6004490000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              		unknown
                                                                                              https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/previewchrome.exe, 00000017.00000003.2088217650.00001D6003350000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                		unknown
                                                                                                https://doubleclick.net/Zchrome.exe, 00000017.00000002.4217548970.00001D6003554000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  		unknown
                                                                                                  http://block.shieldapps.us/cps_blocked.htmlInstAct.exe, 00000007.00000002.1843409932.0000000002B29000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000A.00000002.1860099028.0000000003017000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000B.00000002.1898806369.0000000002A68000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000B.00000002.1898806369.0000000002A5C000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000E.00000002.1943989651.0000000002C4C000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000F.00000002.2010871467.000000000261C000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 00000011.00000002.1938221449.000000000282C000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 00000012.00000002.1944193693.000000000292C000.00000004.00000800.00020000.00000000.sdmp, PCPrivacyShield.exe, 00000013.00000002.4194644871.0000000002F61000.00000004.00000800.00020000.00000000.sdmp, TaskTools.exe, 00000014.00000002.1998769025.0000000002FAC000.00000004.00000800.00020000.00000000.sdmp, PCPrivacyShield.exe, 00000015.00000002.2039193870.0000000003055000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    		unknown
                                                                                                    https://issuetracker.google.com/161903006chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    • URL Reputation: safe
                                                                                                    		unknown
                                                                                                    https://www.ecosia.org/newtab/chrome.exe, 00000017.00000003.3632211551.00001D600267C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.3624636601.00001D600267C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.2045196020.00001D600267C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.2097804706.00001D600267C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    • URL Reputation: safe
                                                                                                    		unknown
                                                                                                    http://www.carterandcone.comlPCPrivacyShield.exe, 00000013.00000002.4560769217.00000000104F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    • URL Reputation: safe
                                                                                                    		unknown
                                                                                                    https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actionschrome.exe, 00000017.00000002.4210158134.00001D6002918000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      		unknown
                                                                                                      https://dl.google.com/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_third_pchrome.exe, 00000017.00000002.4215918809.00001D60030B0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        		unknown
                                                                                                        https://testurl.comPMDoEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECLBOkl9InstAct.exe, 00000007.00000002.1843409932.0000000002B38000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000A.00000002.1860099028.0000000003046000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000B.00000002.1898806369.0000000002A68000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000E.00000002.1943989651.0000000002C5A000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000F.00000002.2010871467.000000000261C000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 00000011.00000002.1938221449.0000000002839000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 00000012.00000002.1944193693.000000000293C000.00000004.00000800.00020000.00000000.sdmp, PCPrivacyShield.exe, 00000013.00000002.4194644871.0000000002F61000.00000004.00000800.00020000.00000000.sdmp, PCPrivacyShield.exe, 00000015.00000002.2039193870.0000000003055000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          		unknown
                                                                                                          https://www.google.com/images/dot2.gifchrome.exe, 00000017.00000003.3629543495.00001D6004490000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            		unknown
                                                                                                            http://anglebug.com/3078chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            		unknown
                                                                                                            http://anglebug.com/7553chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            		unknown
                                                                                                            http://anglebug.com/5375chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            		unknown
                                                                                                            http://dl.google.com/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_third_pachrome.exe, 00000017.00000002.4215918809.00001D60030B0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              		unknown
                                                                                                              http://anglebug.com/5371chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              		unknown
                                                                                                              http://anglebug.com/4722chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              		unknown
                                                                                                              https://m.google.com/devicemanagement/data/apichrome.exe, 00000017.00000002.4207092071.00001D600246C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                		unknown
                                                                                                                https://docs.google.com/presentation/u/0/create?usp=chrome_actionschrome.exe, 00000017.00000002.4210158134.00001D6002918000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  		unknown
                                                                                                                  http://pps.shieldappsverify.comInstAct.exe, 0000000B.00000002.1898806369.0000000002B31000.00000004.00000800.00020000.00000000.sdmp, InstAct.exe, 0000000E.00000002.1943989651.0000000002D15000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    		unknown
                                                                                                                    https://googletagmanager.com/cychrome.exe, 00000017.00000002.4218728757.00001D600393C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      		unknown
                                                                                                                      http://anglebug.com/7556chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      		unknown
                                                                                                                      https://chromewebstore.google.com/chrome.exe, 00000017.00000002.4204991671.00001D600221C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      		unknown
                                                                                                                      https://shieldapps.com/?p=5772chrome.exe, 00000017.00000002.4206461158.00001D600235C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        		unknown
                                                                                                                        https://www.advancedinstaller.comPCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.00000000044B5000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.0000000004290000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1961456996.0000000001405000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          		unknown
                                                                                                                          https://shieldapps.com/t/chrome.exe, 00000017.00000002.4217548970.00001D6003554000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            		unknown
                                                                                                                            https://sandbox.google.com/chrome.exe, 00000017.00000002.4215286674.00001D600300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.3624717557.00001D6003134000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              		unknown
                                                                                                                              https://doubleclick.net/ps.com/chrome.exe, 00000017.00000002.4218137838.00001D600365C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                		unknown
                                                                                                                                http://unisolated.invalid/achrome.exe, 00000017.00000002.4211891400.00001D6002BAC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  		unknown
                                                                                                                                  http://anglebug.com/6692chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  • URL Reputation: safe
                                                                                                                                  		unknown
                                                                                                                                  https://issuetracker.google.com/258207403chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  • URL Reputation: safe
                                                                                                                                  		unknown
                                                                                                                                  http://www.founder.com.cn/cn/bThePCPrivacyShield.exe, 00000013.00000002.4560769217.00000000104F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  • URL Reputation: safe
                                                                                                                                  		unknown
                                                                                                                                  http://ocsp.sectigo.com0PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000077B9000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000074AC000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.000000000778B000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.00000000044B5000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000002.1969508218.0000000006625000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1710251405.0000000004290000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.00000000071FD000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000000.00000003.1706802309.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000003.1929595718.000000000135C000.00000004.00000020.00020000.00000000.sdmp, PCPrivacyShieldSetup.exe, 00000003.00000002.1930451926.000000000135E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  • URL Reputation: safe
                                                                                                                                  		unknown
                                                                                                                                  http://anglebug.com/3502chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  • URL Reputation: safe
                                                                                                                                  		unknown
                                                                                                                                  http://anglebug.com/3623chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  • URL Reputation: safe
                                                                                                                                  		unknown
                                                                                                                                  https://www.google.com/images/cleardot.gifchrome.exe, 00000017.00000003.3629543495.00001D6004490000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    		unknown
                                                                                                                                    https://doubleclick.net/chrome.exe, 00000017.00000002.4217548970.00001D6003554000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.2277253893.00001D6002E64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.2183800270.00001D6002E64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000002.4218137838.00001D600365C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      		unknown
                                                                                                                                      http://anglebug.com/3625chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      		unknown
                                                                                                                                      http://anglebug.com/3624chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      		unknown
                                                                                                                                      http://anglebug.com/5007chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      		unknown
                                                                                                                                      http://anglebug.com/3862chrome.exe, 00000017.00000003.2042627918.00001D6002964000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      		unknown
                                                                                                                                      https://chrome.google.com/webstoreLDDiscoverchrome.exe, 00000017.00000003.3624907200.00001D600400C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.2106626639.00001D6002E90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.2104546867.00001D6002E90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.3624475467.00001D6004FAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000002.4207863974.00001D6002548000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.2046785475.00001D6002E98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.3624717557.00001D6003134000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.2043258407.00001D6002E98000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        		unknown
                                                                                                                                        https://payments.google.com/payments/v4/js/integrator.js?7https://sandbox.google.com/payments/v4/js/chrome.exe, 00000017.00000003.3624907200.00001D600400C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.3624717557.00001D6003134000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          		unknown
                                                                                                                                          https://googletagmanager.com/chrome.exe, 00000017.00000003.3632211551.00001D600267C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.3624636601.00001D600267C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000002.4218728757.00001D600393C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000002.4217928603.00001D60035F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000002.4217548970.00001D6003554000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.2277253893.00001D6002E64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.2183800270.00001D6002E64000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            		unknown

                                                                                                                                            World Map of Contacted IPs

                                                                                                                                            • No. of IPs < 25%
                                                                                                                                            • 25% < No. of IPs < 50%
                                                                                                                                            • 50% < No. of IPs < 75%
                                                                                                                                            • 75% < No. of IPs

                                                                                                                                            Public IPs

                                                                                                                                            IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                            74.125.133.154
                                                                                                                                            		stats.g.doubleclick.netUnited States
                                                                                                                                            		15169GOOGLEUSfalse
                                                                                                                                            142.250.186.162
                                                                                                                                            		td.doubleclick.netUnited States
                                                                                                                                            		15169GOOGLEUSfalse
                                                                                                                                            149.210.194.253
                                                                                                                                            		pps.shieldappsverify.comNetherlands
                                                                                                                                            		20857TRANSIP-ASAmsterdamtheNetherlandsNLfalse
                                                                                                                                            142.250.185.100
                                                                                                                                            		unknownUnited States
                                                                                                                                            		15169GOOGLEUSfalse
                                                                                                                                            239.255.255.250
                                                                                                                                            		unknownReserved
                                                                                                                                            		unknownunknownfalse
                                                                                                                                            50.87.253.110
                                                                                                                                            		shieldapps.comUnited States
                                                                                                                                            		46606UNIFIEDLAYER-AS-1USfalse
                                                                                                                                            142.250.186.164
                                                                                                                                            		www.google.comUnited States
                                                                                                                                            		15169GOOGLEUSfalse
                                                                                                                                            142.250.186.110
                                                                                                                                            		analytics.google.comUnited States
                                                                                                                                            		15169GOOGLEUSfalse
                                                                                                                                            151.101.194.137
                                                                                                                                            		code.jquery.comUnited States
                                                                                                                                            		54113FASTLYUSfalse

                                                                                                                                            Private

                                                                                                                                            IP
                                                                                                                                            192.168.2.4

                                                                                                                                            General Information

                                                                                                                                            Joe Sandbox version:41.0.0 Charoite
                                                                                                                                            Analysis ID:1545595
                                                                                                                                            Start date and time:2024-10-30 17:51:07 +01:00
                                                                                                                                            Joe Sandbox product:CloudBasic
                                                                                                                                            Overall analysis duration:0h 14m 55s
                                                                                                                                            Hypervisor based Inspection enabled:false
                                                                                                                                            Report type:full
                                                                                                                                            Cookbook file name:default.jbs
                                                                                                                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                            Number of analysed new started processes analysed:30
                                                                                                                                            Number of new started drivers analysed:0
                                                                                                                                            Number of existing processes analysed:0
                                                                                                                                            Number of existing drivers analysed:0
                                                                                                                                            Number of injected processes analysed:0
                                                                                                                                            Technologies:
                                                                                                                                            • HCA enabled
                                                                                                                                            • EGA enabled
                                                                                                                                            • AMSI enabled
                                                                                                                                            Analysis Mode:default
                                                                                                                                            Sample name:PCPrivacyShieldSetup.exe
                                                                                                                                            Detection:SUS
                                                                                                                                            Classification:sus34.spyw.evad.winEXE@63/306@16/10
                                                                                                                                            EGA Information:
                                                                                                                                            • Successful, ratio: 100%
                                                                                                                                            HCA Information:
                                                                                                                                            • Successful, ratio: 55%
                                                                                                                                            • Number of executed functions: 59
                                                                                                                                            • Number of non-executed functions: 220
                                                                                                                                            Cookbook Comments:
                                                                                                                                            • Found application associated with file extension: .exe
                                                                                                                                            • Override analysis time to 240000 for current running targets taking high CPU consumption

                                                                                                                                            Warnings

                                                                                                                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                            • Excluded IPs from analysis (whitelisted): 93.184.221.240, 192.229.221.95, 172.217.16.195, 172.217.16.206, 64.233.167.84, 34.104.35.123, 216.58.212.170, 142.250.185.136, 142.250.185.99, 216.58.206.46, 216.58.206.40, 142.250.184.202, 172.217.18.10, 142.250.74.202, 142.250.186.170, 142.250.186.106, 142.250.185.170, 142.250.184.234, 172.217.18.106, 216.58.206.74, 142.250.185.138, 142.250.186.138, 142.250.185.202, 172.217.16.202, 142.250.185.106, 142.250.185.74, 142.250.185.234, 142.250.186.131
                                                                                                                                            • Excluded domains from analysis (whitelisted): clients1.google.com, fonts.googleapis.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, www.googletagmanager.com, update.googleapis.com, clients.l.google.com, www.google-analytics.com, optimizationguide-pa.googleapis.com
                                                                                                                                            • HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
                                                                                                                                            • Not all processes where analyzed, report is missing behavior information
                                                                                                                                            • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                            • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                            • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                            • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                                                                                                            • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                            • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                            • VT rate limit hit for: PCPrivacyShieldSetup.exe

                                                                                                                                            Simulations

                                                                                                                                            Behavior and APIs

                                                                                                                                            TimeTypeDescription
                                                                                                                                            12:52:19API Interceptor27x Sleep call for process: InstAct.exe modified
                                                                                                                                            12:52:42API Interceptor6159196x Sleep call for process: PCPrivacyShield.exe modified
                                                                                                                                            16:52:24Task SchedulerRun new task: PCPrivacyShield-User_Account_Control path: C:\Program Files (x86)\PC Privacy Shield\TaskTools.exe s>run_program
                                                                                                                                            16:52:24Task SchedulerRun new task: PCPrivacyShield_Offer_Notification_1 path: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe s>trialpopup
                                                                                                                                            16:52:24Task SchedulerRun new task: PCPrivacyShield_Scan_Status_1 path: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe s>splash
                                                                                                                                            16:52:25Task SchedulerRun new task: PCPrivacyShield_Scan_Status_3 path: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe s>popup
                                                                                                                                            16:52:25Task SchedulerRun new task: PCPrivacyShield_Scan_Status_4 path: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe s>recentpopup
                                                                                                                                            16:52:25Task SchedulerRun new task: PCPrivacyShield_Scan_Status_5 path: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe s>renew
                                                                                                                                            16:52:45AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run PCPrivacyShield "C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe" minimized
                                                                                                                                            16:52:53AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run PCPrivacyShield "C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe" minimized

                                                                                                                                            LLM Input / Output

                                                                                                                                            Joe Sandbox View / Context

                                                                                                                                            IPs

                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                            239.255.255.250https://apollomicsinc-my.sharepoint.com/:u:/p/peony_yu/EThcAjzaTWNPs4NpIP1X0v0BUe4pmKNB9s6TANBDk5EDeA?rtime=8VndtY_33EgGet hashmaliciousUnknownBrowse
                                                                                                                                              https://wetransfer.com/downloads/bd15c1f671ae60c5a56e558eb8cc43bf20241030150256/3b30cd5b9ce1ffb29d79c9118153941c20241030150256/70baef?t_exp=1730559776&t_lsid=6bd545a9-d09b-4abd-a317-124dbe9fe64d&t_network=email&t_rid=YXV0aDB8NjZlYWI0YTExODhmYzc1OGMzMmNiODIx&t_s=download_link&t_ts=1730300576&utm_campaign=TRN_TDL_01&utmGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                https://register.edx.org/verizon?&utm_source=vsf_e_paid-ggl-ubrnd&utm_medium=cpc&utm_campaign=GGL%7CEDX%7CAI%7CVSF%7CSEM%7CNBD%7CUS&gad_source=1&gclid=Cj0KCQjwj4K5BhDYARIsAD1Ly2pyzBeRgn77ojfsMTtg7r8SaT93hKq6Ob_f1zsDj7Kj8dy-Mn9a7tMaAng3EALw_wcB&_gl=1*1dphwek*_gcl_aw*R0NMLjE3MzAyMTU4NDAuQ2owS0NRandqNEs1QmhEWUFSSXNBRDFMeTJweXpCZVJnbjc3b2pmc01UdGc3cjhTYVQ5M2hLcTZPYl9mMXpzRGo3S2o4ZHktTW45YTd0TWFBbmczRUFMd193Y0I.*_gcl_au*MzQxNzQzMjE1LjE3MzAyMTU4Mzg.*_ga*MTE0OTEyNzE2Ni4xNzMwMjE1ODM5*_ga_D3KS4KMDT0*MTczMDIxNTgzOS4xLjAuMTczMDIxNTgzOS42MC4wLjAGet hashmaliciousUnknownBrowse
                                                                                                                                                  phish_alert_sp2_2.0.0.0.emlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                    https://register.edx.org/verizon?&utm_source=vsf_e_paid-ggl-ubrnd&utm_medium=cpc&utm_campaign=GGL%7CEDX%7CAI%7CVSF%7CSEM%7CNBD%7CUS&gad_source=1&gclid=Cj0KCQjwj4K5BhDYARIsAD1Ly2pyzBeRgn77ojfsMTtg7r8SaT93hKq6Ob_f1zsDj7Kj8dy-Mn9a7tMaAng3EALw_wcB&_gl=1*1dphwek*_gcl_aw*R0NMLjE3MzAyMTU4NDAuQ2owS0NRandqNEs1QmhEWUFSSXNBRDFMeTJweXpCZVJnbjc3b2pmc01UdGc3cjhTYVQ5M2hLcTZPYl9mMXpzRGo3S2o4ZHktTW45YTd0TWFBbmczRUFMd193Y0I.*_gcl_au*MzQxNzQzMjE1LjE3MzAyMTU4Mzg.*_ga*MTE0OTEyNzE2Ni4xNzMwMjE1ODM5*_ga_D3KS4KMDT0*MTczMDIxNTgzOS4xLjAuMTczMDIxNTgzOS42MC4wLjAGet hashmaliciousUnknownBrowse
                                                                                                                                                      https://schiller.life/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                        https://jpm-ghana-2024-election-conversation-with-oct-24.open-exchange.net/join-the-call?ml_access_token=eyJjb250ZW50Ijp7ImV4cGlyYXRpb25EYXRlIjoiMjAyNC0xMC0zMVQxNToyMDo1OS4wMDZaIiwiZW1haWwiOiJyZGVpdHpAdnItY2FwaXRhbC5jb20iLCJldmVudElkIjo0MjY3Mn0sInNpZ25hdHVyZSI6Ik1FVUNJQzhaMDJJblVZd0syUk9WRkdjL1pMNHRBbWo4RmwxdW9mQjhwZzRmSjZsMkFpRUE5d25HUFFoa3ZrdkM2MlJkQ3lkM09YbnFJZ0xlQTAwMDIxNlRWbG9Hb0ZjPSJ9Get hashmaliciousUnknownBrowse
                                                                                                                                                          Derickdermatology.htmlGet hashmaliciousPhisherBrowse
                                                                                                                                                            https://www.mediafire.com/file/oyfycncwen0a3ue/DSP_Plan_Set.zip/fileGet hashmaliciousUnknownBrowse
                                                                                                                                                              Complete with Docusign_ Remittance Advice .pdf(1).emlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                50.87.253.110seiOTujhm7.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                  SecuriteInfo.com.Variant.MSILHeracles.41449.22863.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                    SecuriteInfo.com.W32.AIDetectNet.01.16858.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                      RFQ_512038573837.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                        SecuriteInfo.com.W32.AIDetectNet.01.27397.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                          SecuriteInfo.com.W32.AIDetectNet.01.18421.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                            SecuriteInfo.com.W32.AIDetectNet.01.25422.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                              151.101.194.137http://facebooksecurity.blogspot.dk/Get hashmaliciousUnknownBrowse
                                                                                                                                                                              • code.jquery.com/jquery-1.7.min.js
                                                                                                                                                                              http://soporte-store.info/icloud2022-esp.phpGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • code.jquery.com/jquery-1.11.3.min.js
                                                                                                                                                                              http://mi-outlook-loggin.click/icloud2022-esp.phpGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • code.jquery.com/jquery-1.11.3.min.js
                                                                                                                                                                              http://www.oodlesoftraffic.com/ec/JaneMarksHealth/1934/acmariix2/Get hashmaliciousUnknownBrowse
                                                                                                                                                                              • code.jquery.com/jquery-1.9.1.js
                                                                                                                                                                              http://facebooksecurity.blogspot.pe/Get hashmaliciousUnknownBrowse
                                                                                                                                                                              • code.jquery.com/jquery-1.7.min.js
                                                                                                                                                                              https://tracker.club-os.com/campaign/click?qDomYmsgId=d738c6bd137e6a03157c6c728cbc659e734fc398&test=false&target=demsaenlinea.mx/jahn/00987667839933/utilities@affordablecare.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • code.jquery.com/jquery-3.3.1.min.js

                                                                                                                                                                              Domains

                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                              code.jquery.comhttps://apollomicsinc-my.sharepoint.com/:u:/p/peony_yu/EThcAjzaTWNPs4NpIP1X0v0BUe4pmKNB9s6TANBDk5EDeA?rtime=8VndtY_33EgGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 151.101.2.137
                                                                                                                                                                              https://wetransfer.com/downloads/bd15c1f671ae60c5a56e558eb8cc43bf20241030150256/3b30cd5b9ce1ffb29d79c9118153941c20241030150256/70baef?t_exp=1730559776&t_lsid=6bd545a9-d09b-4abd-a317-124dbe9fe64d&t_network=email&t_rid=YXV0aDB8NjZlYWI0YTExODhmYzc1OGMzMmNiODIx&t_s=download_link&t_ts=1730300576&utm_campaign=TRN_TDL_01&utmGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                              • 151.101.194.137
                                                                                                                                                                              phish_alert_sp2_2.0.0.0.emlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                              • 151.101.2.137
                                                                                                                                                                              https://schiller.life/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                              • 151.101.130.137
                                                                                                                                                                              https://myworkspacec1d73.myclickfunnels.com/onlinereview--9cb35?preview=trueGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                                                                                                                                                              • 151.101.194.137
                                                                                                                                                                              Receipt.htmGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 151.101.194.137
                                                                                                                                                                              http://wesiakkaernten.fibery.io/@public/forms/gBNXdAWEGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                                                                                                                                                              • 151.101.194.137
                                                                                                                                                                              http://wesiakkaernten.fibery.io/@public/forms/gBNXdAWEGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 151.101.2.137
                                                                                                                                                                              http://etf-remittance-payout.s3.us-east-1.amazonaws.com/DMwNjk0MTU2LWI2MTItNDg5My04YmZhLWNhMzBjZTMzO/jZTMzODU5NwBGAAAAAAA/doc.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 151.101.130.137
                                                                                                                                                                              https://onedrive.live.com/view.aspx?resid=8656653D19C3C7C0!s553e3fe901654d86bcc4ed44c7c05dd3&migratedtospo=true&redeem=aHR0cHM6Ly8xZHJ2Lm1zL28vYy84NjU2NjUzZDE5YzNjN2MwL0V1a19QbFZsQVlaTnZNVHRSTWZBWGRNQmtvbDQ2b1NlN1o5MGFiazNzS3lGSlE_ZT1UMnQ4S3Y&wd=target%28Sezione%20senza%20titolo.one%7C8d7e5173-6006-4648-a69d-e39e66e7041a%2FAblehnung%20Rechnung%20R15946098273-KU30_WE02%20Vom%2028%5C%2F%7Cd77916b9-b471-429a-a13e-74764563e56b%2F%29&wdorigin=NavigationUrlGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 151.101.2.137
                                                                                                                                                                              shieldapps.comPmRXFyOFkf.exeGet hashmaliciousGuLoaderBrowse
                                                                                                                                                                              • 50.87.253.110
                                                                                                                                                                              PmRXFyOFkf.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 50.87.253.110

                                                                                                                                                                              ASNs

                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                              TRANSIP-ASAmsterdamtheNetherlandsNL074kFuPFv8.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 149.210.147.77
                                                                                                                                                                              074kFuPFv8.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 149.210.147.77
                                                                                                                                                                              6fLnWSoXXD.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                              • 95.170.75.171
                                                                                                                                                                              la.bot.powerpc.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 136.144.215.32
                                                                                                                                                                              la.bot.m68k.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 37.97.214.146
                                                                                                                                                                              bnrKk80Fa9.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                              • 95.170.75.159
                                                                                                                                                                              na.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                              • 95.170.75.159
                                                                                                                                                                              fBcMVl6ns6.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                              • 37.97.185.116
                                                                                                                                                                              rpQF1aDIK4.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                              • 37.97.185.116
                                                                                                                                                                              test.ps1Get hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                              • 37.97.185.116
                                                                                                                                                                              UNIFIEDLAYER-AS-1USReceipt.htmGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 69.49.245.172
                                                                                                                                                                              SecuriteInfo.com.Win32.SuspectCrc.28663.30359.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                              • 162.241.63.77
                                                                                                                                                                              http://timecode.com.ar/Webmail/2/Webmail/webmail.php?email=gc@virtualintelligencebriefing.comGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                              • 192.185.20.145
                                                                                                                                                                              Shipping documents 00039984849900044800.exeGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                                                                                                                                              • 192.185.13.234
                                                                                                                                                                              z1Transaction_ID_REF2418_cmd.batGet hashmaliciousAgentTesla, DBatLoader, PureLog StealerBrowse
                                                                                                                                                                              • 50.116.93.185
                                                                                                                                                                              z1SWIFT_MT103_Payment_552016_cmd.batGet hashmaliciousDBatLoader, FormBookBrowse
                                                                                                                                                                              • 50.116.93.185
                                                                                                                                                                              Order Specifications for Materials.docx.vbsGet hashmaliciousDBatLoader, FormBookBrowse
                                                                                                                                                                              • 50.116.93.185
                                                                                                                                                                              https://mailhotcmhakamloops.wordpress.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                              • 69.49.230.198
                                                                                                                                                                              EVER ABILITY V66 PARTICULARS.pdf.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                                                                                              • 50.87.144.157
                                                                                                                                                                              MV. NORDRHONE VSL's PARTICULARS.xlsx.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                                                                                              • 50.87.144.157
                                                                                                                                                                              FASTLYUShttps://apollomicsinc-my.sharepoint.com/:u:/p/peony_yu/EThcAjzaTWNPs4NpIP1X0v0BUe4pmKNB9s6TANBDk5EDeA?rtime=8VndtY_33EgGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 151.101.2.137
                                                                                                                                                                              https://wetransfer.com/downloads/bd15c1f671ae60c5a56e558eb8cc43bf20241030150256/3b30cd5b9ce1ffb29d79c9118153941c20241030150256/70baef?t_exp=1730559776&t_lsid=6bd545a9-d09b-4abd-a317-124dbe9fe64d&t_network=email&t_rid=YXV0aDB8NjZlYWI0YTExODhmYzc1OGMzMmNiODIx&t_s=download_link&t_ts=1730300576&utm_campaign=TRN_TDL_01&utmGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                              • 151.101.66.137
                                                                                                                                                                              phish_alert_sp2_2.0.0.0.emlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                              • 151.101.2.137
                                                                                                                                                                              https://schiller.life/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                              • 151.101.194.137
                                                                                                                                                                              https://www.mediafire.com/file/oyfycncwen0a3ue/DSP_Plan_Set.zip/fileGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 151.101.1.140
                                                                                                                                                                              file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                              • 151.101.65.91
                                                                                                                                                                              file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                              • 151.101.1.91
                                                                                                                                                                              https://cosiosos.com.de/7i2ko/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                              • 151.101.65.229
                                                                                                                                                                              https://myworkspacec1d73.myclickfunnels.com/onlinereview--9cb35?preview=trueGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                                                                                                                                                              • 151.101.2.137
                                                                                                                                                                              https://zastromts.za.com/v3oX/#EGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                              • 151.101.129.229

                                                                                                                                                                              JA3 Fingerprints

                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                              28a2c9bd18a11de089ef85a160da29e4phish_alert_sp2_2.0.0.0.emlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                              • 20.109.210.53
                                                                                                                                                                              • 2.19.244.127
                                                                                                                                                                              • 13.107.246.64
                                                                                                                                                                              • 173.222.162.32
                                                                                                                                                                              https://schiller.life/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                              • 20.109.210.53
                                                                                                                                                                              • 2.19.244.127
                                                                                                                                                                              • 13.107.246.64
                                                                                                                                                                              • 173.222.162.32
                                                                                                                                                                              https://jpm-ghana-2024-election-conversation-with-oct-24.open-exchange.net/join-the-call?ml_access_token=eyJjb250ZW50Ijp7ImV4cGlyYXRpb25EYXRlIjoiMjAyNC0xMC0zMVQxNToyMDo1OS4wMDZaIiwiZW1haWwiOiJyZGVpdHpAdnItY2FwaXRhbC5jb20iLCJldmVudElkIjo0MjY3Mn0sInNpZ25hdHVyZSI6Ik1FVUNJQzhaMDJJblVZd0syUk9WRkdjL1pMNHRBbWo4RmwxdW9mQjhwZzRmSjZsMkFpRUE5d25HUFFoa3ZrdkM2MlJkQ3lkM09YbnFJZ0xlQTAwMDIxNlRWbG9Hb0ZjPSJ9Get hashmaliciousUnknownBrowse
                                                                                                                                                                              • 20.109.210.53
                                                                                                                                                                              • 2.19.244.127
                                                                                                                                                                              • 13.107.246.64
                                                                                                                                                                              • 173.222.162.32
                                                                                                                                                                              Derickdermatology.htmlGet hashmaliciousPhisherBrowse
                                                                                                                                                                              • 20.109.210.53
                                                                                                                                                                              • 2.19.244.127
                                                                                                                                                                              • 13.107.246.64
                                                                                                                                                                              • 173.222.162.32
                                                                                                                                                                              Complete with Docusign_ Remittance Advice .pdf(1).emlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                              • 20.109.210.53
                                                                                                                                                                              • 2.19.244.127
                                                                                                                                                                              • 13.107.246.64
                                                                                                                                                                              • 173.222.162.32
                                                                                                                                                                              https://cosiosos.com.de/7i2ko/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                              • 20.109.210.53
                                                                                                                                                                              • 2.19.244.127
                                                                                                                                                                              • 13.107.246.64
                                                                                                                                                                              • 173.222.162.32
                                                                                                                                                                              https://myworkspacec1d73.myclickfunnels.com/onlinereview--9cb35?preview=trueGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                                                                                                                                                              • 20.109.210.53
                                                                                                                                                                              • 2.19.244.127
                                                                                                                                                                              • 13.107.246.64
                                                                                                                                                                              • 173.222.162.32
                                                                                                                                                                              https://zastromts.za.com/v3oX/#EGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                              • 20.109.210.53
                                                                                                                                                                              • 2.19.244.127
                                                                                                                                                                              • 13.107.246.64
                                                                                                                                                                              • 173.222.162.32
                                                                                                                                                                              http://ffcu.onlineGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 20.109.210.53
                                                                                                                                                                              • 2.19.244.127
                                                                                                                                                                              • 13.107.246.64
                                                                                                                                                                              • 173.222.162.32
                                                                                                                                                                              Receipt.htmGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 20.109.210.53
                                                                                                                                                                              • 2.19.244.127
                                                                                                                                                                              • 13.107.246.64
                                                                                                                                                                              • 173.222.162.32
                                                                                                                                                                              3b5074b1b5d032e5620f69f9f700ff0ehttps://jpm-ghana-2024-election-conversation-with-oct-24.open-exchange.net/join-the-call?ml_access_token=eyJjb250ZW50Ijp7ImV4cGlyYXRpb25EYXRlIjoiMjAyNC0xMC0zMVQxNToyMDo1OS4wMDZaIiwiZW1haWwiOiJyZGVpdHpAdnItY2FwaXRhbC5jb20iLCJldmVudElkIjo0MjY3Mn0sInNpZ25hdHVyZSI6Ik1FVUNJQzhaMDJJblVZd0syUk9WRkdjL1pMNHRBbWo4RmwxdW9mQjhwZzRmSjZsMkFpRUE5d25HUFFoa3ZrdkM2MlJkQ3lkM09YbnFJZ0xlQTAwMDIxNlRWbG9Hb0ZjPSJ9Get hashmaliciousUnknownBrowse
                                                                                                                                                                              • 149.210.194.253
                                                                                                                                                                              SecuriteInfo.com.Win32.PWSX-gen.31738.17793.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                              • 149.210.194.253
                                                                                                                                                                              http://ffcu.onlineGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 149.210.194.253
                                                                                                                                                                              file.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                                              • 149.210.194.253
                                                                                                                                                                              https://token.onelogin.com-token-auth.com/Xa0Y1MmVibVhmY0E5dnlabzhVK2w2MVo4bXZUM3RzTFBZU1FSUEYxRHlzb29tODRTUDQ4alBDR3Y1cWUvN1JvVzhtWGVkaHFaSG0rOVpUTVV1VjY2a3MvZDB6TktwTHhsRk9xdzQwQjV6YjIvcnA5MjFsaFJEamtNdXI5UXQ1Qm9lK0ZsZFd0TXI0R2JWWlVYeFFXa2pBaXZOKzR2QXRkUTd3dlBLNzUrQ1RweERVMmQ5ZHQwdjlKZ2dlS2tEVUF5UEE9PS0tdFFWWndQdklZQXNodTY1US0tUXAyU1llVHhDaXRTRjU1OVNWMXFNdz09?cid=2262276963Get hashmaliciousKnowBe4Browse
                                                                                                                                                                              • 149.210.194.253
                                                                                                                                                                              Review_&_Aprove_Your_Next_Payroll84633.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 149.210.194.253
                                                                                                                                                                              0T32Kz4dZU.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                                              • 149.210.194.253
                                                                                                                                                                              Factura Honorarios 2024-10.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                                                              • 149.210.194.253
                                                                                                                                                                              Fernissagerne.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                                                              • 149.210.194.253
                                                                                                                                                                              JUSTIFICANTE PAGO FRAS OCTUBRE 2024.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                                                              • 149.210.194.253

                                                                                                                                                                              Dropped Files

                                                                                                                                                                              No context

                                                                                                                                                                              Created / dropped Files

                                                                                                                                                                              C:\Config.Msi\6fd120.rbs

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):4057623
                                                                                                                                                                              Entropy (8bit):6.513459941569785
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:49152:Ra2YBPaUF5loCKDva2YBPaUF5loCKD3a2YBPaUF5loCKDpa2YBPaUF5loCKDva2U:WaUXaUzaUraUPaUKK
                                                                                                                                                                              MD5:FA684C254E83F2E18028C3C69BA9A907
                                                                                                                                                                              SHA1:27AC64597173E23C705F6D5462C7F766F3C0A34C
                                                                                                                                                                              SHA-256:18697F8D268FBF8BEF83C065803890B54EC91AC62961F12EF11AAED6B8A3D854
                                                                                                                                                                              SHA-512:9B97173A03104808C4716AD02E3D5BE509F81C96E7B15AD97E460415C6CC6276FF160544975D1F31BC0BBAC2D46F24FFCF5218858A76A9C4C24A78F6AF9B64C2
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:...@IXOS.@.....@.f^Y.@.....@.....@.....@.....@.....@......&.{AFBC5F3E-A4BA-45F5-AD51-E866312F779E}..PC Privacy Shield..PCPrivacyShield.msi.@.....@.....@.....@......icon_1.exe..&.{60A2DEFC-2BD6-42B1-90C4-2BEB1CFB0618}.....@.....@.....@.....@.......@.....@.....@.......@......PC Privacy Shield......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{8440EFAC-09F5-41A9-AD93-B64FE313D3FE}&.{AFBC5F3E-A4BA-45F5-AD51-E866312F779E}.@......&.{F53DF7FF-AE19-43FE-A51C-30070961E070}&.{AFBC5F3E-A4BA-45F5-AD51-E866312F779E}.@......&.{BF94B3BE-2662-424A-AED9-D095D9D60DDA}&.{AFBC5F3E-A4BA-45F5-AD51-E866312F779E}.@......&.{AC60A957-0343-4281-9746-2B02FD454C86}&.{AFBC5F3E-A4BA-45F5-AD51-E866312F779E}.@......&.{935FC1DB-055A-428A-8608-6C82AFB5D086}&.{AFBC5F3E-A4BA-45F5-AD51-E866312F779E}.@......&.{ECD6772F-6C50-4B2B-BC20-F691C2D9C8C5}&.{AFBC5F3E-A4BA-45F5-AD51-E866312F779E}.@......&.{C5465F3D-9F95-453A-B460-D38C324EC

                                                                                                                                                                              C:\Program Files (x86)\PC Privacy Shield\Armt.exe

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):62864
                                                                                                                                                                              Entropy (8bit):6.807759537976002
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:768:Q1sVkIaVq2i5z552XRoKbq0xbbll1IFQKGiUWXLoMGHphPIFiU+u+vNZvnAMxkEp:Q+WKhz5gmmpeFpzHLzvt+u+v/vHxN
                                                                                                                                                                              MD5:F669441971B6F7F145771B7591BE0980
                                                                                                                                                                              SHA1:51761F3B2F7514A1FDC31B3352C1670A92B55948
                                                                                                                                                                              SHA-256:C1FEA02E8E52119CED40D08A856908F346B631B26B1AC95C51C8FF46C0CD60C1
                                                                                                                                                                              SHA-512:465320750F42C3F0AA62B47DFEC475E51C9EE9C66799002B6FCD26394B4E0C0E81F58BEEF2B0FD0ACC5569BB549D8853424333BEC2048ABBE00466578CB25703
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....6;..........."...0..v...N.......@....... ....@.. .......................`......Q2....`.................................x...S........................-... .......................................................@..................H...........n.I7.-.I.D... ...F..................@....text...xr.......t...J.............. ..`.rsrc...............................@..@.reloc....... ......................@..B.............@...................... ..`........................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Program Files (x86)\PC Privacy Shield\Armt.exe.config

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):186
                                                                                                                                                                              Entropy (8bit):4.942919098144707
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:vFWWMNHU8LdgCQcIMOofMuQVQDURAmIRMNHjFHr0lUfEyhTRGfFvREBAW4QIMOov:TMVBd1IGMfVJ7VJdfEyFRmJuAW4QIm
                                                                                                                                                                              MD5:B51C130A957051BA9FB2245BF76FB6F6
                                                                                                                                                                              SHA1:42181E5745DAAB2A0E8CF87693142828306F9BDA
                                                                                                                                                                              SHA-256:7921098E47E894412FDFD0CAFE0F88CC68497740998EAC17C68C00129069D803
                                                                                                                                                                              SHA-512:FA2AC3EFF5D51AEA7ACC9CF6AA018A77FAE295D55C5BF808C9D7048C801BAF4626568F00FB001A9F2780C46DCE294482CFEB3045AABE139DDC557C0D3BC11640
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup> .. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.7.2"/>.. </startup>..</configuration>..

                                                                                                                                                                              C:\Program Files (x86)\PC Privacy Shield\BouncyCastle.Crypto.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):2542992
                                                                                                                                                                              Entropy (8bit):5.82573983822512
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:49152:T4/4hyBYKMD+SNfXCwJtezvOd0HSC3souk1b3o:EMD+SNfCWtws
                                                                                                                                                                              MD5:038CCD987FA6A35E08D43E03764BF4E2
                                                                                                                                                                              SHA1:D7DDDC8A1C2B90DEAC2CE91D8E41A83F90EA2735
                                                                                                                                                                              SHA-256:623D7C005753177930374D649C33742A8BE69EAC391AF5764CF33048E87385F6
                                                                                                                                                                              SHA-512:8FB2CF0943591BE8C89CCE3BCDB0D1250A26B2E0666B5B91ED7B0FADBC5CF6A014C4CAEFE43088C97DA98EB54E23029F322CC4E09E74F7CA267A7C0BA3DF3CE2
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....S\...........!.....p&.. ........&.. ....&...@.. ........................&.....0t'.....................................D.&.W.....&.`.............&..-....&...................................................... ............... ..H............text....d&.. ...p&................. ..`.rsrc...`.....&.......&.............@..@.reloc........&.......&.............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Program Files (x86)\PC Privacy Shield\Bsm.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):24976
                                                                                                                                                                              Entropy (8bit):6.750532114373355
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:384:RNx6m40QSiO3j9xzckxyYQfUWGjkpwK36ws8AM+o/8E9VF0NymHk:P0mxQShj9FzyYdP38AMxkEF
                                                                                                                                                                              MD5:07363CD395A7B7E1896D7CB5391132C5
                                                                                                                                                                              SHA1:662C89FD482E83681DD1F8DDB2AE507315F62F3D
                                                                                                                                                                              SHA-256:94B28E1AC1E1467981226FDC36D894778C4B98F39285EE9005732B15666DEE61
                                                                                                                                                                              SHA-512:E44243AE7C5F820D51DF72286EF3FA56AEA06F1B4C1E929533ED6D642F6180743E72E0C43DE8482674BAE59B3EC26C376AE730B7AA97F0C5D5FA84179EB618C7
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...fr.............!..0..,...........K... ...`....... ...................................@.................................xK..O....`...............4...-..........\K............................................... ............... ..H............text....+... ...,.................. ..`.rsrc........`......................@..@.reloc...............2..............@..B.................K......H........)..X"..........................................................z..}......}......}.......}....*...o.....Z.}......{.....X.}......(....}....*^.{....(.....~....}....*2.{....(....*.0..|.......r...p.(....%.is..... ....s.........+4......o......... ....(....&..o....(......o.......X......i2.....o.....Yo....r5..po.....*.0..9.......r...p......o.....(....-....\.o....o.....Xo.......(....*.*....0..........s......o ....+v..(!....(.......("...o......+;...("......o......o#...,"...($.

                                                                                                                                                                              C:\Program Files (x86)\PC Privacy Shield\CaByp.CA.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):2501232
                                                                                                                                                                              Entropy (8bit):7.931852713018163
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:49152:PMY7+fqtne3fIkZrP3Hyv+pd248eN3mn9LNhSJfmxoJ/iY9CSbCdfJzjAs:PD7QUne3AUj3w+724QZhIeoJqmbC/d
                                                                                                                                                                              MD5:3F0505139F9AE1BF6FDD30CC73B62728
                                                                                                                                                                              SHA1:A69EFC6A9C0B7AC22C2F261585D7470CFB762DB3
                                                                                                                                                                              SHA-256:658C1D4DDDF1AFB8BB9F456DB4780129905AB7EA90988DD36258DE5C13450F2E
                                                                                                                                                                              SHA-512:EE71D308B9684D3A175ABBB05C7820D4781EEC9179FB57CA9DA9DDBB79E80F5B70DC5C27C9320B4807DDF909E5F6D52AD50002789A15D49C11206CB183CD0FD4
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..................'P\....'P^....'P_...........................>.......4..................R......:...........Rich...........................PE..L....o.]...........!.....D...|.......L.......`......................................$.&...@.........................0}...*......x.....................%..-......4... s..T...........................xs..@............`..l............................text....B.......D.................. ..`.rdata...Q...`...R...H..............@..@.data...p...........................@....rsrc...............................@..@.reloc..4...........................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Program Files (x86)\PC Privacy Shield\CaByp.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):289168
                                                                                                                                                                              Entropy (8bit):5.824310384948223
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6144:TNEk+RH0S9pPMdhToNQKJ1/O8Quo4W3xuxL:TNENRH0QPMdhToNQKJ1/O8Quo4W3xuxL
                                                                                                                                                                              MD5:5811D5410C62566A05D65CC6BA542FC4
                                                                                                                                                                              SHA1:1B8A5383877F8E5BD691E53EAF494BB6A6C33E6F
                                                                                                                                                                              SHA-256:4B960F91B789C6370A868A529FFFBDCD89F19E4F324F61A493EBA6D18A86A7E2
                                                                                                                                                                              SHA-512:44229BFD23EB32635EBFD4F4925120FE4536D7569813DC3FAED878F30B5C24AF52F5E31F4BD45CAF8789718705EE949FAA8DC63FB8427B662FB7DA2E0F20256A
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...v..e...........!..0...................... ....... ....................................`.....................................O....`...............<...-..............................................................................H...........H.hex%(F..... ......................@....text.............................. ..`.rsrc........`.......4..............@..@.reloc...............8..............@..B.....................:.............. ..`........................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Program Files (x86)\PC Privacy Shield\ExcelDataReader.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):185744
                                                                                                                                                                              Entropy (8bit):6.179919060526076
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3072:94sAu3LFrmW7nlwPWAHv2wwBf/wi3Zwnrt4c/X7nVng:94sAUfjqlv/a/wianrmGlg
                                                                                                                                                                              MD5:D26D4C5D5BFC54E21590CBCF1BAEE738
                                                                                                                                                                              SHA1:BBD885C8D07A2E35BB047708E0D1045848E5F9D0
                                                                                                                                                                              SHA-256:BA0EFC85B62008DF78715B38314665322816F7C9CD5870AE7FC2B34AA3A78877
                                                                                                                                                                              SHA-512:7136E2E33E3DEFA25B4FBFD335EBCB30FD653465CAAD93CE8D692D98BEF63F7589A590D7E03FE1B05C815F49AFA11E06B0056C141352FCC73C12A8D1CA365404
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....[3..........." ..0.................. ........... ....................................`.....................................O.......<................-..............T............................................ ............... ..H............text...H.... ...................... ..`.rsrc...<...........................@..@.reloc..............................@..B.......................H...........0...................0........................................0..G........((..........(....&...Y(........Y(..........(....&...Y(........Y(.....*..((.......(.......(.......(........(.....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*~.().........s....(*.....(+....*...(,.....(-...%-.&+.(....%-.&+.(.......(*....*~.(/.........s....(0.....(1....*...(2.....(3...%-.&+.(....%-.&+.(.......(0....*.0..............(4.......(......*....................0..

                                                                                                                                                                              C:\Program Files (x86)\PC Privacy Shield\ICSharpCode.SharpZipLib.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):212368
                                                                                                                                                                              Entropy (8bit):5.842547845972743
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3072:9jMibqfQqFyGCDXiW9Pp/+Tl4abpuu201PB1BBXIDwtqSPVINrAfvp1yR8l:aibqI59PpOPf201/z7pIR8l
                                                                                                                                                                              MD5:42BDB6EBD0B3F8A18A9109983CD1B416
                                                                                                                                                                              SHA1:34C73A9EC9D4B5EEA39692FFDE24937DEE11BEEB
                                                                                                                                                                              SHA-256:A7ADEE4A9C0C8B6BC7FDD36D13BB918BB9AE441BB659D7067F390A85C9356F38
                                                                                                                                                                              SHA-512:E9154D49247767C9F228DDA16FA8F420B900090D724908E0C4769422A049C8D01FABB975F39D703A9E0CDEE341BE0C43B1977FECE465E2EF4441B28295878A9B
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....<.K...........!......... ......^.... ........@.. .......................@.......>....@.....................................K........................-... ....................................................... ............... ..H............text...d.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Program Files (x86)\PC Privacy Shield\InstAct.exe

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):97168
                                                                                                                                                                              Entropy (8bit):6.72212974939906
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:y6mhDcl14R1sGF+JtmjNc7MhvkxwZm00GQFQnJ5sFBhoAUWxf:Ucl14RWWKAhkxwZm00GQFQnJ5sFBhoAp
                                                                                                                                                                              MD5:DC1153D77C40FE6977E0D4AC65866534
                                                                                                                                                                              SHA1:A3D9B20F81D90A22358D2123FBF06DF9E5713B47
                                                                                                                                                                              SHA-256:CC655807F733589215C29A27C03765579BD1C0A5FA0CFB2EB70E23D1848B3C14
                                                                                                                                                                              SHA-512:7829E020CAFF3C2FAE50607E8879A1379FC2B060C17F078540377CE7C1181D7A82FADDF04C0C9645921B72E6D9D9E6476484DA00EC54594CE2C745C84BA8AE04
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...}..e..............0...................... ....@.. ..............................zj....`.....................................O....................N...-..............................................................................H...........H.hex%(Fhs... ...t..................@....text................x.............. ..`.rsrc................:..............@..@.reloc...............J..............@..B.....................L.............. ..`........................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Program Files (x86)\PC Privacy Shield\InstAct.exe.config

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):232
                                                                                                                                                                              Entropy (8bit):4.9291270848865505
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6:TMVBdTMkIffVymRMT4/0xC/C7VrfC7VNQAopuAW4QIm:TMHd413VymhsS+Qzop93xm
                                                                                                                                                                              MD5:DEA7F3714D54D630D31C8E9F8D5B2CE6
                                                                                                                                                                              SHA1:BF3A234D5AFFF9A61E468450ED716157AA47C3DD
                                                                                                                                                                              SHA-256:6C34A02A0C84BA2126A7408A3093C213792188A7838265DD1E4AC816988E8934
                                                                                                                                                                              SHA-512:374EB698BC372B125DEBDB6CC89A148CBB7ACF865C4E0E3AF629695A97FC1930AA86E3C3D0ECF3155644964C615A25C4180C6D85C892AAA4A96A885B3922A607
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727"/>.. </startup>..</configuration>..

                                                                                                                                                                              C:\Program Files (x86)\PC Privacy Shield\Microsoft.Deployment.WindowsInstaller.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):184240
                                                                                                                                                                              Entropy (8bit):5.876033362692288
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                              MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                              SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                              SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                              SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....o.].........." ..0...... ......z.... ........... ....................................@.................................(...O................................................................................... ............... ..H............text....w... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Program Files (x86)\PC Privacy Shield\Microsoft.Win32.TaskScheduler.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):303504
                                                                                                                                                                              Entropy (8bit):6.178302726414292
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6144:/1BS4AY/z4VWTl5uxhFN/4NGEMGp/DsjzaWduZJB:/PBAY/8YTlshiX9AnaISP
                                                                                                                                                                              MD5:A17277397A35FDC160234213369750AA
                                                                                                                                                                              SHA1:C05A97885DF890D5ACA4549BD5CFCBE856EA1ACC
                                                                                                                                                                              SHA-256:7EA2D76D76AEAAA898445050AB594C162FF312C32B1A4F9225C0C24F470EBACB
                                                                                                                                                                              SHA-512:1985E35CF388398BBE0EB7F2FC28B1DA4C318386ABED83083CEB90C453D73993798120280BD52674566DA661481F91DEDF9787A2EFDDC78F32EDEA9F965EDF73
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......V.........." ..0..j............... ........... ...................................@.................................H...O.......@............t...-........................................................... ............... ..H............text....h... ...j.................. ..`.rsrc...@............l..............@..@.reloc...............r..............@..B................|.......H........s..................W............................................{~...*..{....*V.(......}~.....}....*...0..;........u#.....,/(.....{~....{~...o....,.(.....{.....{....o....*.*. .F*. )UU.Z(.....{~...o....X )UU.Z(.....{....o....X*.0...........r...p......%..{~..........&.....&...-.q&........&...-.&.+...&...o.....%..{...........'.....'...-.q'........'...-.&.+...'...o.....(....*..{....*..{....*..{....*r.(......}......}......}....*....0..S........u(.....,G(.....{.....{....o

                                                                                                                                                                              C:\Program Files (x86)\PC Privacy Shield\Newtonsoft.Json.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):533904
                                                                                                                                                                              Entropy (8bit):5.922147639668495
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6144:jdgb9ewwFqjzz0PGrlEj/9wD82/4fGuHdln4akzxbcPuZF3GhXOtiTrd9DUIBaLF:EwMi7D8ueq7GBpdT9t78I0xj5I
                                                                                                                                                                              MD5:114427C622CBF51A8D6A309AFA86D3B9
                                                                                                                                                                              SHA1:CDB86ED59DFF9F8B51B5F48AD874DDAB9A9BEA15
                                                                                                                                                                              SHA-256:C5F652C0D14EE7D506C240B1241A0F85EB0FA1A0413A59287557F6298415DC78
                                                                                                                                                                              SHA-512:4987A0846C2B906FB44E0344C27AA6B447E70C5ED9B27B08ACE7529ECC536FFEE5A02FDBF3C5BCF7517A033279CCA4A115289D2B82626A95CDAD27E5CC793D78
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......X.........." ..0.............J.... ... ....... .......................`......[.....@.....................................O.... ..p................-...@....................................................... ............... ..H............text........ ...................... ..`.rsrc...p.... ......................@..@.reloc.......@......................@..B................,.......H........D..8...............X...@.........................................(8...*"..(9...*..(....*"..(....*&...(....*&...(....*F...(.......s....*..(....*..{....*"..}....*..{....*"..}....*V.(......(......(....*...}".....(....}%.....}#.....}$...*..0..E........{"......YE................+..{$...o.....X*.{#...j(-....X*r...ps....z....0...........{"......YE........R...R...*.{$.....~!...o......!.r...po....&..o....&.r...po....&*.o.....1....o....&..o....&*..[o....&..{#...o....&..]o....&

                                                                                                                                                                              C:\Program Files (x86)\PC Privacy Shield\OpacityGuide.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):543632
                                                                                                                                                                              Entropy (8bit):6.930801208561013
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12288:E6nXfZtVRLqo/xPhAM5m7M3hMStt18IQVE5jKwuJ5C96BfiZs779ZYgss0:EGvZtfqo/qY3s0
                                                                                                                                                                              MD5:7E052016DEE700F3785AF8C5C23A4258
                                                                                                                                                                              SHA1:986D11EDB7D3992AE8B446D12D38823B1F054E44
                                                                                                                                                                              SHA-256:F8E61827157F6262155A0202831D041053839CBF7895C32A821C3A1796477863
                                                                                                                                                                              SHA-512:B8CAA976F1BCC7099CD3A9A680E4EE6D14DD6BB193FCAB504646153CE27F67478E2A45844A33A5DD556D8BE448B45E974DB9D826B25E61130A7049C9E5D0B4C6
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."!..0..................@... ....... ...............................m....`.................................xH..S....@.. ................-...`.......................................................................@..H...........n.I7.-.I8.... ......................@....text...X....@...................... ..`.rsrc... ....@......................@..@.reloc.......`......................@..B.................................... ..`........................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Program Files (x86)\PC Privacy Shield\OpacityGuide.dll.config

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):187
                                                                                                                                                                              Entropy (8bit):4.962434908080585
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:JLWMNHU8LdgCzMvHcIMOofMuQVQDURAmIRMNHjFHr0lUfEyhTRdolFvREBAW4QIT:JiMVBdTMkIGMfVJ7VJdfEyFRdSJuAW4p
                                                                                                                                                                              MD5:3F9B7C50015CA8BE5EC84127BB37E2CB
                                                                                                                                                                              SHA1:07FA0B2F00BA82A440BFEACAFD8B0B8D1B3E4EE7
                                                                                                                                                                              SHA-256:C66E1BA36E874342CD570CF5BDD3D8B73864A4C9E9D802398BE7F46FE39A8532
                                                                                                                                                                              SHA-512:DB5713DDA4ECAC0A1201ADD7D5D1A55BDBFC9E373B2277661869F7DE9E8BA593F44BDAFA6C8DBEBA09DF158B2DFDD1875C26C047F50597185F1F2F5612FC87B9
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:.<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup> .. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />.. </startup>..</configuration>

                                                                                                                                                                              C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):6461328
                                                                                                                                                                              Entropy (8bit):7.199873616440346
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:49152:t2kqbUnozkTb5BqNFwIoufi2nTqgTCEcz4qeaR7JuHEEI+Nd0xSBoiMqx8:t2kqbUEkfTWKuLEVeEuHPI+NGxStx8
                                                                                                                                                                              MD5:5B34516DF5AB905BD334E908683A8084
                                                                                                                                                                              SHA1:2F654634A23FF8FB79B18423B541E1F1ACFD90DD
                                                                                                                                                                              SHA-256:05B3A066AD986C66457C3C3BEAC5EBD7958D783A1369ED0A3D1AA741DAD9456D
                                                                                                                                                                              SHA-512:F4EBC0540515352C99F38E7AC25F1F359D1AB54F873B938F95FD40F9F6184B565E88764521CADCE5541B301054CEDAFF78B5594E7B40693BE979441D351D8AB5
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 21%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...|..e..............0...H..b........b...... ....@.. ........................c.....A.c...`.................................x...S.....`..............jb..-....b.......................................................b.................H...........n.I7.-.I r... ...t..................@....text...`.H.......H..x.............. ..`.rsrc.........`......z`.............@..@.reloc........b......fb.............@..B..............b......hb............. ..`........................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe.config

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):306
                                                                                                                                                                              Entropy (8bit):4.965945372100954
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6:TMVBd1IffVymRMT4/0xC/C7VrfC7VNQAopuAKr5KNbSt+gP9XWw5W4QIm:TMHdG3VymhsS+Qzop9LN2tJP9Lo4xm
                                                                                                                                                                              MD5:680FA9077E165BD9A76192EADAF934A0
                                                                                                                                                                              SHA1:214BA065517C18E5ED7BFD7211D75D4C15FA9D5D
                                                                                                                                                                              SHA-256:5ECDD4389D4D2407FA47EC3D791263B451EDA72D7013FA1E14C884669B5194B7
                                                                                                                                                                              SHA-512:95839D0AFF803B184DF4A5EED0D152425DD5AAC088767E5B77D1D8A503D60AE6E941367BB3FBFDC68D510A7D5B209B784855235124DADEB036032710B8889473
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727"/>.. </startup>.. <runtime>.. <gcAllowVeryLargeObjects enabled="true" />.. </runtime>..</configuration>..

                                                                                                                                                                              C:\Program Files (x86)\PC Privacy Shield\PdfReader.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):545680
                                                                                                                                                                              Entropy (8bit):6.138101390147843
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12288:V7/87yL6OxZSPvQLYigDMOW2BP1KA1CvbRcr:27yL6YZYvMYigDM01KWCvbRcr
                                                                                                                                                                              MD5:41B7D1E16166151CC731C67A058E4627
                                                                                                                                                                              SHA1:DADEDC6699102F697F21EAD65171DA3E437E1B70
                                                                                                                                                                              SHA-256:C2D839BC58911D591D27127E23D0CA9C3BC60EFB0D11E91626F3DFC201292E0A
                                                                                                                                                                              SHA-512:CB9C91B1FC4A9D5E1540B4F6FC7FA10044755CED46D19C9A9983F69766ED6F3855222F49412A18050C0432B341237AD1E5FE3274DF38E90197A5DFEEC5694FF8
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...s..e.........." ..0.................. ...@....... ..............................J.....`.................................0...O....@..p............&...-...`....................................................... ............... ..H............text........ ...................... ..`.rsrc...p....@......................@..@.reloc.......`.......$..............@..B................d.......H...........(d............................................................(<...*.0..r.........YE....j...............................*...B...Z...r.............................dYE........................-...E...]...u...............................5...M...........e...}.......8....#.......@#.....T.@s....*#.....P.@#.......@s....*#.......@#.....P.@s....*#.....P.@#.......@s....*#.......@#.....P.@s....*#.....@z@#.......@s....*#.......@#.......@s....*#.......@#.......@s....*#.......@#

                                                                                                                                                                              C:\Program Files (x86)\PC Privacy Shield\Perpetuum.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):491408
                                                                                                                                                                              Entropy (8bit):6.766686382097439
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12288:4e/INALgtV6pyARcDm/TqwoXJrjzptkyh4sSh7m0UVcjIjmiQf2j50A3B+:vkLAa/pB+
                                                                                                                                                                              MD5:7A851FC31B1A18B5A6A8544038F393CB
                                                                                                                                                                              SHA1:F8BF1B2D24745A3B040D49EDF59425AF4AB42EB3
                                                                                                                                                                              SHA-256:E5B226CEEAA7D23AEDC38C0AD43D842E6572DD5498D484DC1A32B67CCDE5139F
                                                                                                                                                                              SHA-512:680F625717E871EEB0FA1079ED60D598726A74E4C482F2768069E979C455C3ACA961A09E58F8DF82C210E867D17CEB81B1894F70F80F6549E7EC527E46FAEB4A
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...v..e...........!..0..(...&...........@... ....... ..............................&.....`..................................H..O....................R...-...........................................................................@..H...........H.hex%(F..... ... ..................@....text...H%...@...&...$.............. ..`.rsrc................J..............@..@.reloc...............N..............@..B.....................P.............. ..`........................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Program Files (x86)\PC Privacy Shield\README.txt

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files (x86)\PC Privacy Shield\InstAct.exe
                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):292
                                                                                                                                                                              Entropy (8bit):5.164831269849872
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6:c213+ZRMjsZiAIxHyegswkn233wxnGZ6OwknaZ5kd3GZ6OwknaZ5kd3GZpc4n:b1uZRMwiRxHyegPfQ4Z6JrHG2Z6JrHGi
                                                                                                                                                                              MD5:E0B0047B6618B464385C7AC8EBBCFEFB
                                                                                                                                                                              SHA1:660C188D7C78FD7757454161A9E94A972C13D25F
                                                                                                                                                                              SHA-256:C1664B013F1A0FC0D39EA3ECEBAD6C70C565CAD6D1A2876BF11B19052F1F650C
                                                                                                                                                                              SHA-512:A68765EA49B8BA25B4224B5EA509B3C6889003CF0A531E3FD737791FAF6C50F8ADD2C7DA0E341BE979CE7BD63B917704632CF971637D8C7DC8F6071B859324AD
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:PLEASE NOTE: THIS PRODUCT REQUIRES ALLOCATION OF FILES OUTSIDE OF THE PRODUCT'S FOLDER...FILE LOCATIONS:..C:\Users\user\AppData\Local\PCPrivacyShield..C:\ProgramData\PC Privacy Shield..C:\Users\user\AppData\Roaming\PC Privacy Shield..C:\Users\user\AppData\Roaming\PC Privacy Shield 4.9.8..

                                                                                                                                                                              C:\Program Files (x86)\PC Privacy Shield\Setup.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):269712
                                                                                                                                                                              Entropy (8bit):6.868155428721184
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6144:TM4xmfvJN1wV3fvMGU/p2RjfDhJZtxXn+tkUCjgmBZmnrROjudVUNpGSG39NAcI2:TMWyhN1wVPlSAZJZtxXn+tdCjgmBZmn7
                                                                                                                                                                              MD5:16A208BBF96144EE623B634F76AE6B87
                                                                                                                                                                              SHA1:1624FBE550A76541873C04175D2D6C20FA885C8F
                                                                                                                                                                              SHA-256:AE55827DAA58BE98838CCBABCEEE803CD59595576F3C6B7387AFB5226D04E32B
                                                                                                                                                                              SHA-512:89D6A8F7BE5DF9AB2CA3FE9203F8B347FB6D7620E3630312095ED4927A48A8464C9B9B6ACC2310FFBC8F421EE7F796BA4D1F94BE4F2ACA9D61D78CAF85238148
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...u..e...........!..0..*...........`....... ....... ....................................`.....................................O.... ...................-...@.......................................................`..................H...........H.hex%(F..... ......................@....text....'.......(.................. ..`.rsrc........ ......................@..@.reloc.......@......................@..B.............`...................... ..`........................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Program Files (x86)\PC Privacy Shield\System.Data.SQLite.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1431952
                                                                                                                                                                              Entropy (8bit):6.839204333665325
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:24576:Kii5k2wxy1kYKumepLDKpcWFjtsEfl5bSqU/uKM1JPWOdZCfSgH1uKiQxwF/BVUe:pSMdYKaMnfqq7mHWQqFqs
                                                                                                                                                                              MD5:F4C12A4A4FB7A9762E1BBDF280D87FCC
                                                                                                                                                                              SHA1:2FDD22D02A77279F5C32E99CC3ED7BCE471EE853
                                                                                                                                                                              SHA-256:7529CF94B79D7F5B19C1EB6E921A48EA70CF7D973FCEF05FEAB517C2C706CB09
                                                                                                                                                                              SHA-512:BAC02A6695290AD48F6D81161D675154BA3228E393B0F89C7054783DA53BBE4A54B8DFAFA451040865EF7EA3F863566FC51EB497C0368816E930E51A8B7BF9FC
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........?..Q[.Q[.Q[...[.Q[...[.Q[...[..Q[...[.Q[...[..Q[.P[q.Q[...[.Q[...[.Q[...[.Q[...[.Q[Rich.Q[........PE..L...a$.Y...........!......................................................................@..............................'......P.......<................-.......h..0...................................@...............................H............text............................... ..`.rdata..y...........................@..@.data....Q... ...$..................@....rsrc...<............0..............@..@.reloc...q.......r...:..............@..B........................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Program Files (x86)\PC Privacy Shield\TaskTools.exe

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):183184
                                                                                                                                                                              Entropy (8bit):6.368864834079391
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3072:LKVYLIJ/K26/CaIlHpvyLbgmny7Uyx3ROeJgC+LIkQHca+gp44PSgjO4fxK:LNM/a+Jagmny7Uyx3ROeJgC+LIkQHcaQ
                                                                                                                                                                              MD5:13C119FDEB84F4E4A9386E48CBE7B1FD
                                                                                                                                                                              SHA1:6DAF120ABFADEB459E83349CB43F8A1CAB8DA942
                                                                                                                                                                              SHA-256:AD65B00A123371E579F8F6C72A29B3FCD5125C518D66D597ACB039EF9DACE26A
                                                                                                                                                                              SHA-512:34A0385A8C474F6614C9C3DA3E809DE6A916A6248769DE8166A32551A3171F3E028416FCD944EC08994DF3963CEB2DB651E91A9A41750D184158DF15965A3462
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...s..e.........."...0...................... ....@.. ....................... ......3T....@.................................x...S.......`................-..............................................................................H...........n.I7.-.I..... ......................@....text...h........................... ..`.rsrc...`...........................@..@.reloc..............................@..B.................................... ..`........................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Program Files (x86)\PC Privacy Shield\TaskTools.exe.config

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):231
                                                                                                                                                                              Entropy (8bit):4.934683524331857
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6:TMVBd1IffVymRMT4/0xC/C7VrfC7VNQAopuAW4QIm:TMHdG3VymhsS+Qzop93xm
                                                                                                                                                                              MD5:2577E4B144EFCB577E51C1439155079A
                                                                                                                                                                              SHA1:8AC376D232D195179755BBFD1B20555E28FFFDDD
                                                                                                                                                                              SHA-256:BB7ACFD577ED69BAFF19C245537C289B340D559F2B4152F9F3C1DB9CC97ECDE9
                                                                                                                                                                              SHA-512:321506F74CA86E344BAC3A79520DE995501D18D634471F980FB314D1EE32EE2DD2705A2A608625F3D6B109EB444FC50AB83754D9A88F40CA86EBB0B8F5468578
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727"/>.. </startup>..</configuration>..

                                                                                                                                                                              C:\Program Files (x86)\PC Privacy Shield\Tracking.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):212880
                                                                                                                                                                              Entropy (8bit):6.684349427552865
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6144:7j1GmkZuxggvDhOhv/qApWaLDnRrJnumeOYOEbVb/kxiFyceMP9lZZ:31GG5lOlnYaPRrJnumeOYbbVb/kxiFyi
                                                                                                                                                                              MD5:EF5063D69F9DCD73822521C1C6FBC386
                                                                                                                                                                              SHA1:30CBAC429C42ED30A19D00A84E811258B7D8E046
                                                                                                                                                                              SHA-256:6C11771696EAEB5B2F0EA1ED822604D00DC830875C9BE9ED340F28554348A9D9
                                                                                                                                                                              SHA-512:5A6A988D4F89DDCF702E0AC3977433EA8A04657FCE961DC36F90C35374A984450B4C2BCA218AE1739F227521129BA596A584474B75FD2EAE632E628D8A579C88
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...v..e.........."!..0......,...........`... ....... ...............................'....`.................................xh..S....@...................-...`.......................................................................`..H...........n.I7.-.I.%... ...&..................@....text........`.......*.............. ..`.rsrc........@......................@..@.reloc.......`......................@..B.................................... ..`........................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Program Files (x86)\PC Privacy Shield\TreeViewFileExplorer.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):43920
                                                                                                                                                                              Entropy (8bit):6.408926342650433
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:768:xVgtEWKk51yjdZbIYL++VXyp6oA2H563Sntop7oJeVAMxkEau:HgtEWzg++lfqZ6/oJ4x9
                                                                                                                                                                              MD5:1F5CF75612A5F4926DF98BD2A90E062A
                                                                                                                                                                              SHA1:BE7C9E7A336509129CC1D4EC78776B7C9C62EA6B
                                                                                                                                                                              SHA-256:A4DB0F2AF43100C1878E18350FE9BB365AC88FDB0C4C3E156429DCD04FF7FBC5
                                                                                                                                                                              SHA-512:DF1BD36DD359B250FFAD9F5DA806019617F21A65F7B1F7730BB7B64215AF8CF94D724715D42CAB1BFAF68CDC3EF279AEE959D14BE4AA99CE7413609D264C86EA
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...s..e.........." ..0..v............... ........... ..............................8f....`....................................O....................~...-........................................................... ............... ..H............text... t... ...v.................. ..`.rsrc................x..............@..@.reloc...............|..............@..B........................H........B..|H..........@................................................0............r...p.r...p(......(......{U...r...p(....,\.{U...r...p(....,J.{M....._,?.{M... ...._-1.{M...._-'.{M...._-..{M... ...._-..{M.... _-...+....(....-..(....&..&...*.................0............r...p.r...p(......(......{U...r...p(....,\.{U...r...p(....,J.{M....._,?.{M... ...._-1.{M...._-'.{M...._-..{M... ...._-..{M.... _-...+....(....-..(....&..&...*.................0...........(....(...+...&...*.

                                                                                                                                                                              C:\Program Files (x86)\PC Privacy Shield\TreeViewFileExplorer.dll.config

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):184
                                                                                                                                                                              Entropy (8bit):4.918719857487763
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:vFWWMNHU8LdgCQcIMOofMuQVQDURAmIRMNHjFHr0lUfEyhTRwFvREBAW4QIMOov:TMVBd1IGMfVJ7VJdfEyFRwJuAW4QIm
                                                                                                                                                                              MD5:C64632957C9A46B320E412D857E176C0
                                                                                                                                                                              SHA1:823615CC1FFA2033818AEA94781DA440662902BF
                                                                                                                                                                              SHA-256:16A5B2D1D7CC9914BCE73914D4D956D3BA7A2EC34E3D41E876F2E265C15D8096
                                                                                                                                                                              SHA-512:2B89C7953194A7ADF7EF77C98558C27F7CC968F89EDB04A7E13AB84DF7CAD1F4E23588016F01AFA2C0A4AD2768B6814E24A6342376B92DCAD48D35B8D4725C6B
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup> .. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5"/>.. </startup>..</configuration>..

                                                                                                                                                                              C:\Program Files (x86)\PC Privacy Shield\Util.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):844688
                                                                                                                                                                              Entropy (8bit):6.765666106013207
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12288:svzLMwROMBXBZZ1Gy3sMkhYy5KcJZZRe4gAYsApWnGKV72sQQCVtk+bSWJSLGg1Y:sH3OmRZZ1GiVkhYy5dZRe3AYWnGmcqa
                                                                                                                                                                              MD5:D9EB67B1768883D795594F36EBFE4AC9
                                                                                                                                                                              SHA1:622F2EAD2BC9D29713E061D9EBF341C34C34785E
                                                                                                                                                                              SHA-256:8CF5DA3D10ED0D744966E621570B56396C2E2272614584BBD5F27B145486DADF
                                                                                                                                                                              SHA-512:B5FFDF2240C70EA6D8B0714608CEFC8D0DB3A7C69434E9AC77761403673A3BDA6EEED3A703E4BFD05AFE80F8A6721FA9240C0D001AC568D6F05BCB7EACC979D6
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...t..e...........!..0..8...z....... ....... ....... .......................@...........`.....................................O........................-........................................................... ..................H...........H.hex%(F.r... ...t..................@....text... 5.......6...x.............. ..`.rsrc...............................@..@.reloc..............................@..B............. ...................... ..`........................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Program Files (x86)\PC Privacy Shield\WcDialog.exe

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):34192
                                                                                                                                                                              Entropy (8bit):6.557553914587809
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:384:E3fLpStPq3g08G+EuFXs3vuTRw/MGPlYtfB8ptYcFwYB03KypwK36nBAM+o/8E9J:E3yel0cTY/ItYcFwYB6KNBAMxkET
                                                                                                                                                                              MD5:4663C5E625BBED223A3DD47B2101E6A1
                                                                                                                                                                              SHA1:146F406BCB5EC36CA3F6C66EA046D18E58DADA10
                                                                                                                                                                              SHA-256:D93810A51CB0A8F92160BB90CDDC1DA2DF128ABC5FA482D5EC5FBFB25E27EDBA
                                                                                                                                                                              SHA-512:A6358CBCD9C6F24CCF6FEB5AAFC290AA7D6063BD98AEBDA1284FA3578B2A83143C69292063FB0B949723F816BE35E28B060E061774F2D2BBB2C51E05A84BE300
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...-Ia..........."...0..B...........`... ........@.. ....................................`.................................l`..O....... ............X...-..........P`............................................... ............... ..H............text....@... ...B.................. ..`.rsrc... ............D..............@..@.reloc...............V..............@..B.................`......H............1..........._...............................................0.............................(....}8......};......}:.........*.........+w......~........... ....(.......ds.......ds.......ds.......d...d...d.....Y...........,......(......+... ..........,..+...-......+......:u......+...*...0.............~.......(..........r...ps........r+..p(3...~............|........~..................(.......~....(........,...(....&..................,...o............(....&.....+...*..

                                                                                                                                                                              C:\Program Files (x86)\PC Privacy Shield\WcDialog.exe.config

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):187
                                                                                                                                                                              Entropy (8bit):4.962434908080585
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:JLWMNHU8LdgCzMvHcIMOofMuQVQDURAmIRMNHjFHr0lUfEyhTRdolFvREBAW4QIT:JiMVBdTMkIGMfVJ7VJdfEyFRdSJuAW4p
                                                                                                                                                                              MD5:3F9B7C50015CA8BE5EC84127BB37E2CB
                                                                                                                                                                              SHA1:07FA0B2F00BA82A440BFEACAFD8B0B8D1B3E4EE7
                                                                                                                                                                              SHA-256:C66E1BA36E874342CD570CF5BDD3D8B73864A4C9E9D802398BE7F46FE39A8532
                                                                                                                                                                              SHA-512:DB5713DDA4ECAC0A1201ADD7D5D1A55BDBFC9E373B2277661869F7DE9E8BA593F44BDAFA6C8DBEBA09DF158B2DFDD1875C26C047F50597185F1F2F5612FC87B9
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:.<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup> .. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />.. </startup>..</configuration>

                                                                                                                                                                              C:\Program Files (x86)\PC Privacy Shield\de\OpacityGuide.resources.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):34704
                                                                                                                                                                              Entropy (8bit):6.017488385130605
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:768:U3d5WCyncDsSPm3MzwZpzhMXqm9uAHfAMxkEB:OdUCycDzPevbZm8AH/xF
                                                                                                                                                                              MD5:160CFB333B787B381C0292716F511677
                                                                                                                                                                              SHA1:F3E1935C009B35261DDE2137BA2B85C665884991
                                                                                                                                                                              SHA-256:B85E77DDE7FD58A898355C02F53A2E1ECAB6E3517B23D6B8FED5A941E864E056
                                                                                                                                                                              SHA-512:4439E4663693C2D93C0531B83AFD54AE79C1EFC2CF6D7AB9CB75A2C75796A6567D48D0F1F663036F7AD44B79FF06F8264AA8B24B5BAF7243D76C30B2606349E6
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...t..e...........!.....R..........nq... ........... ....................................@..................................q..S....................Z...-........................................................... ............... ..H............text...tQ... ...R.................. ..`.rsrc................T..............@..@.reloc...............X..............@..B................Pq......H........m..8...........P ...M...........................................M.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....U.......PADPADP.:........T.....ET...4..o.~.a9...l3...Q.....Yf...~.9.Y...............&....O...A.=.J.P.....8.....w.t.#..9.......x..z...m..D*.............1....S'.@...1|.qI..\...+\.?.1.8GD.....y.}.|.g..V........m.C....<..}......@:.(

                                                                                                                                                                              C:\Program Files (x86)\PC Privacy Shield\de\PCPrivacyShield.resources.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):91024
                                                                                                                                                                              Entropy (8bit):5.284033050197909
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:SjrQH21GDTLrFqNQ0OCa0d0/klfBbfu2ChelRBxj:SjrQHlDTLrFqNQ0OQGGRj
                                                                                                                                                                              MD5:6088F7FDCBF2549AE50144BFEEA6FC19
                                                                                                                                                                              SHA1:F82B7694E5D92048187CF3B9DF44E02FD3A52406
                                                                                                                                                                              SHA-256:0791E8335979C14D00F0D1FFBA87DBC239B71D3E42F14B2A13F4A9BB0445AA7A
                                                                                                                                                                              SHA-512:563F5CED1B98A213DA08E1C24EA8EDFE02B6A99AF3981185341142EA1C8EC3B21E66B236BDF0852A45105E5A1302D8DF4CD8D109975B7D0E48741E45BE9242C9
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...|..e...........!................>L... ...`....... ..............................s ....@..................................K..O....`...............6...-........................................................... ............... ..H............text...D,... ...................... ..`.rsrc........`.......0..............@..@.reloc...............4..............@..B................ L......H........H..4...........P ..f(..........................................b(.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....'.......PADPADP..........z..F.)./..-...s7...j.. p.s....V........&Q..2........]..........N..3.......#B.6......N,...v....5...8R...........1.f.4.H]C..MP..RP..ZR.G.)..]b.....&..2.....w.9J......I'c.....V.J..i.J*).QlE....(...$[..

                                                                                                                                                                              C:\Program Files (x86)\PC Privacy Shield\de\Util.resources.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):19344
                                                                                                                                                                              Entropy (8bit):6.726648078112335
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:384:8JRzaVM68nK2PVFVupwK36CoAM+o/8E9VF0NyTUH:qoGK2Px5xAMxkEO
                                                                                                                                                                              MD5:0AD01D8096F91F88042EF8366DCB0CC6
                                                                                                                                                                              SHA1:A19D926F47F41723BCCC7687048B9F78385841CA
                                                                                                                                                                              SHA-256:F833428C32D5F847955990DE67E558672D7B563E3FDC47A71BFDB784A448EE41
                                                                                                                                                                              SHA-512:66663E889AC0E730F5A5302705E9C72E6CC27AD58D5B5B2DC0719AFB61BF22CA8F906CA535605E108668B174E86629154AE7C8CC151950E5ACF444592769F55B
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...t..e...........!................^4... ...@....... ...............................S....@..................................4..S....@..p................-...`....................................................... ............... ..H............text...d.... ...................... ..`.rsrc...p....@......................@..@.reloc.......`......................@..B................@4......H........0..............P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet..../.......PADPADP..p.....U..>...m@ .Q.e.....0m..ZA9..9.....sg...........(Vz.IR....;...:.-...b.-...]..9....A...pT0..Az.),..9PG..R..?p./3..;Se.;.,s<...>...A...D.EfP..P.;.Q...b...c`S|f.H.oru"qY..w........<...........p...0...L...........

                                                                                                                                                                              C:\Program Files (x86)\PC Privacy Shield\es\OpacityGuide.resources.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):34192
                                                                                                                                                                              Entropy (8bit):5.9922668238877455
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:768:FNmG8JvABMQWNBTDAcmzkGlRPJQAMxkE+42OB:rmGGvABMvNRD8RPJ+x6GB
                                                                                                                                                                              MD5:D33DD56999B8470A3A402278BA653074
                                                                                                                                                                              SHA1:7DC45BCD73409785790C37C6464C9755F63D3AC8
                                                                                                                                                                              SHA-256:D6B7119F43A34D19D4F026954A737367248558FC7A6487B2B651203FCA507CA4
                                                                                                                                                                              SHA-512:1A7E16521D8F9C5E621F926D012B72AB4D26D6ECA0F7DC35E06ABC3F562A1366CA5E1A1535125BE3E1D0490951E3598A63DC87DDF18B74B4B43625C03D9A6424
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...t..e...........!.....P...........o... ........... ..............................,.....@.................................<o..O....................X...-........................................................... ............... ..H............text....O... ...P.................. ..`.rsrc................R..............@..@.reloc...............V..............@..B................po......H........l..8...........P ...K...........................................K.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....U.......PADPADP.:........T.....ET...4..o.~.a9...l3...Q.....Yf...~.9.Y...............&....O...A.=.J.P.....8.....w.t.#..9.......x..z...m..D*.............1....S'.@...1|.qI..\...+\.?.1.8GD.....y.}.|.g..V........m.C....<..}......@:.(

                                                                                                                                                                              C:\Program Files (x86)\PC Privacy Shield\es\PCPrivacyShield.resources.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):90512
                                                                                                                                                                              Entropy (8bit):5.256922556761538
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:2jgzNWpamnsk/2uVbwu6RxdovAygx9qzYxATxx:2jgzNWBsk/2uVbwu6RLoLg+zYxAX
                                                                                                                                                                              MD5:1A68F76BA5346051714D2CF0859E2CF9
                                                                                                                                                                              SHA1:C60DC6F015D61F6E6A50C502B84E35127AD27FB0
                                                                                                                                                                              SHA-256:09E838967CFE180C6BAB933069457B746AE3BB3664EF5E26760205835AD6E1E3
                                                                                                                                                                              SHA-512:162046F30937896E5F56E8A5B0DEE5DD2645C3FE7EBB80FEC94F5736F9CAACAB9E1BDA6C047E701412839B51DD8A387DFE6C3F1B7A51D8A0499ECBB3A7FDC7BD
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...}..e...........!.....,...........K... ...`....... ...............................8....@..................................J..K....`...............4...-........................................................... ............... ..H............text...$+... ...,.................. ..`.rsrc........`......................@..@.reloc...............2..............@..B.................K......H........G..4...........P ..J'..........................................F'.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....'.......PADPADP..........z..F.)./..-...s7...j.. p.s....V........&Q..2........]..........N..3.......#B.6......N,...v....5...8R...........1.f.4.H]C..MP..RP..ZR.G.)..]b.....&..2.....w.9J......I'c.....V.J..i.J*).QlE....(...$[..

                                                                                                                                                                              C:\Program Files (x86)\PC Privacy Shield\es\Util.resources.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):19344
                                                                                                                                                                              Entropy (8bit):6.742886869007296
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:384:azmMllJmR55pwK36FNrAM+o/8E9VF0Nyapwwdf:oFlu/OPrAMxkE8wy
                                                                                                                                                                              MD5:4AB2927F1C01FF5E16EC8136CDA74170
                                                                                                                                                                              SHA1:EF4A2E1125591080B3317D35D9D6323281F795B8
                                                                                                                                                                              SHA-256:FFD193E9C3D3EB4F207855F4276C45E097C97EF1A22632048D487FC04CBA456A
                                                                                                                                                                              SHA-512:826A1B6CBF56B89E7DA50C4FB0333711079DCE1F131137CB3CEB590F28C55423DF4D94A32ACEBD45052A525689B86FE10B5CAB7ACAA869294CD1D6FD20A7E4EC
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...t..e...........!.................4... ...@....... ....................................@..................................4..W....@..p................-...`....................................................... ............... ..H............text........ ...................... ..`.rsrc...p....@......................@..@.reloc.......`......................@..B.................4......H.......x1..............P ..%...........................................!..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet..../.......PADPADP..p.....U..>...m@ .Q.e.....0m..ZA9..9.....sg...........(Vz.IR....;...:.-...b.-...]..9....A...pT0..Az.),..9PG..R..?p./3..;Se.;.,s<...>...A...D.EfP..P.;.Q...b...c`S|f.H.oru"qY..w........<...........p...0...L...........

                                                                                                                                                                              C:\Program Files (x86)\PC Privacy Shield\fr\OpacityGuide.resources.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):34704
                                                                                                                                                                              Entropy (8bit):6.012704448471184
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:768:pCm1rIGzYOZtH9pcmpBmTebn9R0kvvAMxkEl/:EmRIGzY+tdpc0kTebn9R0knxR/
                                                                                                                                                                              MD5:897B58CA580D2269F7402C928B45FF97
                                                                                                                                                                              SHA1:5235E3318E590AD2CA439717F3D2608E7CD9D90B
                                                                                                                                                                              SHA-256:E7E8995E10910DBE2BE741C38BA27EBA1F71F98CB5668CE4D71E4EBF30A8AC4F
                                                                                                                                                                              SHA-512:8959C9F6A0C8A7145B4551DF0F5D479B0D391BB53901EBC85089F8AF1622D6D106539CAE4AA4A1B6028B59AA6E6B80FA45477AF66353AA9493CA2B5B7DC149AD
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...t..e...........!.....R..........^q... ........... ....................................@..................................q..K....................Z...-........................................................... ............... ..H............text...dQ... ...R.................. ..`.rsrc................T..............@..@.reloc...............X..............@..B................@q......H........m..8...........P ...M...........................................M.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....U.......PADPADP.:........T.....ET...4..o.~.a9...l3...Q.....Yf...~.9.Y...............&....O...A.=.J.P.....8.....w.t.#..9.......x..z...m..D*.............1....S'.@...1|.qI..\...+\.?.1.8GD.....y.}.|.g..V........m.C....<..}......@:.(

                                                                                                                                                                              C:\Program Files (x86)\PC Privacy Shield\fr\PCPrivacyShield.resources.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):91536
                                                                                                                                                                              Entropy (8bit):5.278385069288814
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:6jUW8fDC8shMWgZ8tt5G3EA/jYsTjZUsJTEMKJWH9cFG3Z+au2eRLeO8JCAfSxfX:6jb8fYeWgZ8tt5G3EA/jFjZtFEMKwH9E
                                                                                                                                                                              MD5:86F1D6A7B1528F9BBCD6F7229B8BEBAD
                                                                                                                                                                              SHA1:072B6AD093BF119D9C44292BB8E77BDE6B5481EB
                                                                                                                                                                              SHA-256:204C09995443258BF5859A36734427EC9642F385A62ED260431994456783E631
                                                                                                                                                                              SHA-512:AACA69535CF7526EA6B63527A6CEDCFC6E91846F9A1FDDD13CB1D7C8AFFAC13B389806CF19FD1202E278E6FFC5EAD72B39E8F18F237B7A4D36654F92346428FE
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...}..e...........!.....0...........O... ...`....... ...............................6....@.................................4O..W....`...............8...-........................................................... ............... ..H............text..../... ...0.................. ..`.rsrc........`.......2..............@..@.reloc...............6..............@..B................pO......H........L..4...........P ...+...........................................+.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....(.......PADPADP..........z..F.)./..-...s7...j.. p.s....V........&Q..2........]..........N..3.......#B.6......N,...v....5...8R...........1.f.4.H]C..MP..RP..ZR.G.)..]b._.x.....&..2.....w.9J......I'c.....V.J..i.J*).QlE....(...

                                                                                                                                                                              C:\Program Files (x86)\PC Privacy Shield\fr\Util.resources.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):19344
                                                                                                                                                                              Entropy (8bit):6.7253916783993795
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:384:zBKV59meFVYSX32qmLpwK36TL6CI2DgAM+o/8E9VF0NylIrTW:dc59meFVYA32qmwCUgAMxkEoXW
                                                                                                                                                                              MD5:EED003EBEE1A71BC1CEA792625B1EB35
                                                                                                                                                                              SHA1:345A8FE319356E1608E690479B2BE356D39B6CDF
                                                                                                                                                                              SHA-256:92885816F14E0AF87C72AB182F4B4EFB73B06367F0DBA858047A5996B315BFED
                                                                                                                                                                              SHA-512:8DDB70A74FCE89EA3D062AF71F536A3C807257B36FD4480FDB4A5EFBA5A0291A8158852661B80FC7A3DAFAE062A8D62B4290C7DF837733D6A1F65614FDD3CDFF
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...t..e...........!................~4... ...@....... ...............................5....@.................................$4..W....@..p................-...`....................................................... ............... ..H............text........ ...................... ..`.rsrc...p....@......................@..@.reloc.......`......................@..B................`4......H........1..............P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet..../.......PADPADP..p.....U..>...m@ .Q.e.....0m..ZA9..9.....sg...........(Vz.IR....;...:.-...b.-...]..9....A...pT0..Az.),..9PG..R..?p./3..;Se.;.,s<...>...A...D.EfP..P.;.Q...b...c`S|f.H.oru"qY..w........<...........p...0...L...........

                                                                                                                                                                              C:\Program Files (x86)\PC Privacy Shield\ja\OpacityGuide.resources.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):26512
                                                                                                                                                                              Entropy (8bit):6.526888083101428
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:384:dloRzSNxa9gb/ztJsZY7oGslZCxNoFGtunpwK36+GAM+o/8E9VF0NypFs:MzlRZ3GoYtuc/AMxkENs
                                                                                                                                                                              MD5:698FCBED33A8576F0FABAB28FAA27177
                                                                                                                                                                              SHA1:CDE5F5FE7B9E28491993D630E08BA8417F566C41
                                                                                                                                                                              SHA-256:C9728AA1B3D0DE00CBF4C8F9D290D57318A1759B5DDE5681CF312E23556924B9
                                                                                                                                                                              SHA-512:EBB9D42715EDDCBD1A73CA2B6A11EB4CAF31E3DE4BF8BAE78378DE839E64A9CBA97E4EF7029E6A9D08F27199FF42780FC79FF088327546444B8137B595CC3D2B
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...t..e...........!.....2...........Q... ...`....... ....................................@..................................Q..S....`...............:...-........................................................... ............... ..H............text....1... ...2.................. ..`.rsrc........`.......4..............@..@.reloc...............8..............@..B.................Q......H.......PN..8...........P ...-...........................................-.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....-.......PADPADP........ET...l3...Q.Yf...~.......O.=.J.......w..z...m.............1....S'.8GD.....y.}.......m.C...}..@:.(...8.>0~..3.v.>...AS.sE.s.E...G..PJ..uU.bc_.agc...o.e.q.n.s...y...y........2...y...-...1...3.......................

                                                                                                                                                                              C:\Program Files (x86)\PC Privacy Shield\ja\PCPrivacyShield.resources.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):96144
                                                                                                                                                                              Entropy (8bit):5.683421142250503
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:kjtguMPz0FjLlqo9vfj/rsQURfjkBztROpmxf:kjiuMr0FjLlqo9vfj/rsn7+XOpY
                                                                                                                                                                              MD5:1128487C60359CB7E15769A1BF2BAF7F
                                                                                                                                                                              SHA1:86F248F607250B7B2854D979ACE8820814C18651
                                                                                                                                                                              SHA-256:D8233CA85B7D517E8A84D35E840756D116D193A0A7BD5CB4C6C72EF4DC610BAE
                                                                                                                                                                              SHA-512:6E1E90B31F17BE191F4ACD07DDDF1BC54671A6514AFF7C0CB430C29AF53B131AB1D6837203C2FA5B6C8D954DE98A9742B330BE04304378F111B35372191C86B4
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...}..e...........!.....B..........._... ........... ...............................D....@.................................._..S....................J...-........................................................... ............... ..H............text....@... ...B.................. ..`.rsrc................D..............@..@.reloc...............H..............@..B................._......H.......t\..4...........P ..$<.......................................... <.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....).......PADPADP..........z..F.)./..-...s7...j.. p.s....V........&Q..2........]..........N..3.......#B.6......N,...v....5...8R...........1.f.4.H]C..MP..RP..ZR.G.)..]b.....&..2.....w.9J......I'c.....V.J..i.J*).QlE....(...$[..

                                                                                                                                                                              C:\Program Files (x86)\PC Privacy Shield\msvcp100.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):421200
                                                                                                                                                                              Entropy (8bit):6.595942471932211
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12288:Seb8zxr1aWPaHX7dGP5frhUgiW6QR7t5qv3Ooc8UHkC2e7wx:Seb8Fpa6aHX7dGP5Gv3Ooc8UHkC2ekx
                                                                                                                                                                              MD5:BC83108B18756547013ED443B8CDB31B
                                                                                                                                                                              SHA1:79BCAAD3714433E01C7F153B05B781F8D7CB318D
                                                                                                                                                                              SHA-256:B2AD109C15EAA92079582787B7772BA0A2F034F7D075907FF87028DF0EAEA671
                                                                                                                                                                              SHA-512:6E72B2D40E47567B3E506BE474DAFA7CACD0B53CD2C2D160C3B5384F2F461FC91BB5FDB614A351F628D4E516B3BBDABC2CC6D4CB4710970146D2938A687DD011
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........e..d...d...d.......d.......d...d..Cd..K*...d.......d.......d.......d.......d.......d.......d.......d..Rich.d..........................PE..L...A..M.........."!.................<.............x................................(~....@.................................<...<.... ...............V..P....0..D;..p................................/..@...............p............................text...u........................... ..`.data...$:.......,..................@....rsrc........ ......................@..@.reloc...S...0...T..................@..B........................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Program Files (x86)\PC Privacy Shield\msvcp120.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):455488
                                                                                                                                                                              Entropy (8bit):6.69762575816539
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12288:pVXWeWENKfCv9tYKt4YIWhUgiW6QR7t5ss3Ooc8DHkC2eXXI:jXWelZv9Gi4Vs3Ooc8DHkC2eXXI
                                                                                                                                                                              MD5:8080160D77881130485100FBF51A619D
                                                                                                                                                                              SHA1:AF7EF1F90AF489423439713EECAAAA81BDED2585
                                                                                                                                                                              SHA-256:AC9DDD9F6132D5F05709BBE2CEA3B3EABB2DF8E4BD79365B336AC9CE7C2D8C3E
                                                                                                                                                                              SHA-512:9C4D928898445B757908266EFAA79D16E57DF4FD1D3FE162C6B25D9A98E3B5E819A989B94286D923C90E99E50BEEEED74A83F4B20F11021ED8DB28DD6CA412E1
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........I..'U.'U.'U.p.U.'U.&U..'U...U.'U...U.'U...U..'U...U..'U...U.'U...U.'U...U.'U...U.'URich.'U........PE..L......V.........."!.........................0............................................@..........................W..L...<...<.......................@?.......D...................................K..@...............<............................text...<........................... ..`.data....^...0...0... ..............@....idata...............P..............@..@.rsrc................j..............@..@.reloc...D.......F...n..............@..B........................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Program Files (x86)\PC Privacy Shield\msvcp140.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):627440
                                                                                                                                                                              Entropy (8bit):6.358008157076177
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12288:0Opw3ob/5jh6lN0RXhsdufjqDZZX/t5xTOKGmm75s79s8/y2MQEKZm+jWodEEVoA:M3ob/5jh6lN0RXhsdufjqDZZX/t5xTOq
                                                                                                                                                                              MD5:2F443A41E00A370754A50CFC02C2E470
                                                                                                                                                                              SHA1:0B812BDEEBF71B2F8382FC115960DC83830201B5
                                                                                                                                                                              SHA-256:BDF1D095D1419E9CE49E774590EE092B1B673CA259C0126F21AFE595B3E661EB
                                                                                                                                                                              SHA-512:15301C33835C67CDC0BD82E29D918411FB71DF40EE073E43EEEC96B85E94804E12DF4354B02D73C185CCA9B14349529A22D5AABD0FEAC41BBCBB9AE27273D039
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......`..r$..!$..!$..!.O.!&..!-.|!2..!v.. '..!$..!...!v.. '..!v.. o..!v.. j..!v.. %..!v..!%..!v.. %..!Rich$..!................PE..d...~0.[.........." .........`...... ...............................................].....`A............................................h....................0..t@...T...>..............8............................................ ..........@....................text...|........................... ..`.rdata..<.... ......................@..@.data....;..........................@....pdata..t@...0...B..................@..@.didat..h............B..............@....rsrc................D..............@..@.reloc...............H..............@..B................................................................................................................................................................................................................

                                                                                                                                                                              C:\Program Files (x86)\PC Privacy Shield\msvcr100.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):773968
                                                                                                                                                                              Entropy (8bit):6.901559811406837
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12288:nMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BVoe3z:MmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV7z
                                                                                                                                                                              MD5:0E37FBFA79D349D672456923EC5FBBE3
                                                                                                                                                                              SHA1:4E880FC7625CCF8D9CA799D5B94CE2B1E7597335
                                                                                                                                                                              SHA-256:8793353461826FBD48F25EA8B835BE204B758CE7510DB2AF631B28850355BD18
                                                                                                                                                                              SHA-512:2BEA9BD528513A3C6A54BEAC25096EE200A4E6CCFC2A308AE9CFD1AD8738E2E2DEFD477D59DB527A048E5E9A4FE1FC1D771701DE14EF82B4DBCDC90DF0387630
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......:.y.~...~...~...w...}...~.......eD.....eD..+...eD..J...eD......eD......eD......eD......Rich~...................PE..L......M.........."!.........................0.....x......................................@..........................H......d...(.......................P.......$L...!..8...........................hE..@............................................text...!........................... ..`.data....Z...0...N..................@....rsrc................f..............@..@.reloc..$L.......N...j..............@..B................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Program Files (x86)\PC Privacy Shield\msvcr120.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):971584
                                                                                                                                                                              Entropy (8bit):6.964613857967258
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:24576:HmFyjr0XnrmKnxvHeDJqN5br94sVs+Vbm:qXd4ebr9s+Vbm
                                                                                                                                                                              MD5:7F8DA89204332DF95CFC41F6E85DC515
                                                                                                                                                                              SHA1:7E8D71E1F2F9729A52B2938BFDDE69E56E6DE488
                                                                                                                                                                              SHA-256:1C8449F417566DD0FD69DC21EF77D46B9475FBAAC731DA35BDC71669F22242C8
                                                                                                                                                                              SHA-512:D48B833CBC9DB97D7BE4E986BE25AE097D1F55A33D591C5F554EC95D0D329F7CDC50687E16429289308A212CB00A8E2A640039CA7A056C5E03F58E21D3B27B33
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........0iP.^:P.^:P.^:..:S.^:P._:..^:]L.:..^:]L.:1.^:]L.:f.^:]L.:..^:]L.:Q.^:]L.:Q.^:]L.:Q.^:RichP.^:........PE..L......V.........."!......................................................................@.........................`........R..(....p..................@?......\]......8...........................0...@............P...............................text............................... ..`.data...De.......V..................@....idata.......P......................@....rsrc........p.......2..............@..@.reloc..\].......^...6..............@..B................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Program Files (x86)\PC Privacy Shield\schedc10.exe

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):63888
                                                                                                                                                                              Entropy (8bit):6.858002043943741
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:768:93e+FUzJHNMxoGs1+I09d94mPEf3A5SCkprADYtzYcHeFwbPAMxkE8C:pe+4JH+oGs/0zJPEf3HCkprAEMFIPxQC
                                                                                                                                                                              MD5:DD519D00D81134F8924CA52B11A571B9
                                                                                                                                                                              SHA1:023E26E3814006E8B3D9DA377A674D5A0893CCA6
                                                                                                                                                                              SHA-256:F177B7DD96538A734892DE11505431206CCFF90A2A5655ADBD0CA657966934E7
                                                                                                                                                                              SHA-512:F665E533830BC124959628CA2ECE1B3AC5DD99EFF61C6AA924EA1885AD751A9E13337907B1E89221E28545CFCE882DF904E63B2299AC1EF42EAB313E4B7ECA7C
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...v..e..............0..r...V.......@....... ....@.. .......................`............`.....................................O........................-... .......................................................@..................H...........H.hex%(FtC... ...D..................@....text....o.......p...H.............. ..`.rsrc...............................@..@.reloc....... ......................@..B.............@...................... ..`........................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Program Files (x86)\PC Privacy Shield\schedc10.exe.config

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):232
                                                                                                                                                                              Entropy (8bit):4.9291270848865505
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6:TMVBdTMkIffVymRMT4/0xC/C7VrfC7VNQAopuAW4QIm:TMHd413VymhsS+Qzop93xm
                                                                                                                                                                              MD5:DEA7F3714D54D630D31C8E9F8D5B2CE6
                                                                                                                                                                              SHA1:BF3A234D5AFFF9A61E468450ED716157AA47C3DD
                                                                                                                                                                              SHA-256:6C34A02A0C84BA2126A7408A3093C213792188A7838265DD1E4AC816988E8934
                                                                                                                                                                              SHA-512:374EB698BC372B125DEBDB6CC89A148CBB7ACF865C4E0E3AF629695A97FC1930AA86E3C3D0ECF3155644964C615A25C4180C6D85C892AAA4A96A885B3922A607
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727"/>.. </startup>..</configuration>..

                                                                                                                                                                              C:\Program Files (x86)\PC Privacy Shield\trialnotification.exe

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):79248
                                                                                                                                                                              Entropy (8bit):6.736061024532615
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:Z7zTLFCgrXB3ZTu+c/Dohx3/eV+ZPBAiGB+xq:JzdCgTTTFMcd/eV+ZPBAiGBT
                                                                                                                                                                              MD5:23FC2F0BABC42DF6F73B38A39ED10859
                                                                                                                                                                              SHA1:CB447653F061ABCCE6F2F5E1A26CAA4370E5A564
                                                                                                                                                                              SHA-256:E1FF61E6A3C91475D1DDEBD5139F9CE368B2D819290B98F28A08351087026B49
                                                                                                                                                                              SHA-512:BE3A9918F654EB0F3811918419C80ADBC3E5A32FFFC80F162FECA1CCCEECD579A0B607AEBFDB6651F5FB66E9522C75C0C5D0364D252595F83E5D2250AE2A6706
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...u..e..............0......f.......`....... ....@.. ..............................-.....`.................................x...S.... ...................-...@.......................................................`..................H...........n.I7.-.I.R... ...T..................@....text................X.............. ..`.rsrc........ ......................@..@.reloc.......@......................@..B.............`...................... ..`........................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Program Files (x86)\PC Privacy Shield\trialnotification.exe.config

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:XML 1.0 document, ASCII text
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):224
                                                                                                                                                                              Entropy (8bit):4.880118702095831
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6:TMVBdTtdcIjkfVymRMT4/0xvFM7VEk7VNQA5DuACQIT:TMHdRd9ofVymhsvFfSz5D9CxT
                                                                                                                                                                              MD5:0147569A84082745173115350C3E28BA
                                                                                                                                                                              SHA1:A8C42DB365E56A2D3CE19BA062C9C3AD7455FD94
                                                                                                                                                                              SHA-256:8BD37A6478C79DA70CECCCB45D15FB9A2FA841D53DCD38F7028DE3F2DBE54D3F
                                                                                                                                                                              SHA-512:90E62AE6DF3191E21088D06922384F3C78638FCC34D27037C628CC641D3EB15158892C557A183949FBFE8EC9BBC60DEA2C219B84124F1FDD76B6E3757A67D6E7
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8" ?>.<configuration>. <startup useLegacyV2RuntimeActivationPolicy="true">. <supportedRuntime version="v4.0" />. <supportedRuntime version="v2.0.50727"/>. </startup>.</configuration>

                                                                                                                                                                              C:\Program Files (x86)\PC Privacy Shield\updater.exe

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):641424
                                                                                                                                                                              Entropy (8bit):6.379815631148314
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12288:oOSzitgsfnOuD6p8O/3q/dHzaXYUBispiBVrBd2XR9Q40JVvu:oOSz9sfTc8O/34HzaRpm3dYR9cJVvu
                                                                                                                                                                              MD5:18F240EC48EE7AFA3214EA425E177983
                                                                                                                                                                              SHA1:186EB76CAE15C56C54AF8E24946ED9F70FDE9DC7
                                                                                                                                                                              SHA-256:2B58CD5F0F541FC5B540B47936D4A5806DAD839BB4045B6680C1A825230B4346
                                                                                                                                                                              SHA-512:591FD1325E9AEC420D84F67C8EDC5380DB1BE3A10E35EFD1DF7CEAEE55553A082B58B23A0C5005117AFB477BD826D70199173868330A8A09B7F7C4AF0175D70C
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......C$.n.E.=.E.=.E.=...=.E.=...=.E.=...=.E.=.'.<.E.=.'.<#E.=.'.<AE.=.=h=.E.=.=x=.E.=.E.=.D.=.&.<fE.=.&.=.E.=.&.<.E.=Rich.E.=................PE..L......Z............................s.............@.......................................@..................................X..........C................-.......R..P...p...........................@...@....................S.......................text.............................. ..`.rdata.............................@..@.data....&...........^..............@....rsrc...C............n..............@..@.reloc...R.......T...H..............@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Program Files (x86)\PC Privacy Shield\updater.ini

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files (x86)\PC Privacy Shield\InstAct.exe
                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):395
                                                                                                                                                                              Entropy (8bit):5.423535697464603
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12:1CbksZY3P/Z9DLP1vUXW4Z7jaBYmGbdB2O:1GkTbT11Y3
                                                                                                                                                                              MD5:D18AAEB44081836DEF5C46861379D50B
                                                                                                                                                                              SHA1:E31ECAFED60CEB0469FCE65CC39D524F9676CF52
                                                                                                                                                                              SHA-256:785359CC4AE23F604442E74F3B89A21B44F3647F5B4EE106AF74D769ED7FC531
                                                                                                                                                                              SHA-512:02F5BFA0FA76CE4920ACFEFAE17C18D97BBA79859D11DC760A27B2DFF39EF5E4D1B4898F884BA6B2854BAFBBA431B8579D9997C7F8F7328CC7C31C55B3A6F497
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:[General]..AppDir=C:\Program Files (x86)\PC Privacy Shield\..CheckFrequency=2..ApplicationName=PC Privacy Shield..ApplicationVersion=4.9.8..CompanyName=ShieldApps..DefaultCommandLine=/checknow..DownloadsFolder=C:\ProgramData\PC Privacy Shield\updates..Flags=PerMachine..ID={0691195F-4DFA-4C7B-838B-3BCE1D378E60}..URL=http://pps.shieldappsverify.com/setups/privacy/pcprivacyshield/s/updates.txt..

                                                                                                                                                                              C:\Program Files (x86)\PC Privacy Shield\vcruntime140.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):85040
                                                                                                                                                                              Entropy (8bit):6.583935524888408
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:7kqwmvKrSgB91BDJ25Tg/G0G5r4Gt7qNBPS9DR6ecboHjPzRVzB0Og:73CuavtckJSVqNBPSeecboHjPzry1
                                                                                                                                                                              MD5:CAFD6F3410AF3B95968A1EFB17ECEE05
                                                                                                                                                                              SHA1:7B4FE24321D2B108EDA71EBCE241DA389C9A9158
                                                                                                                                                                              SHA-256:0164B1BFDCEDB07295EAE14FA5DCA88B46862BC91EC2D317EF8559BBEC8128BA
                                                                                                                                                                              SHA-512:79DB866ED22D3671359915CEEB96741A13356258132772067A1B0E186C700C32C97EC14BFE83B09110A80DEE61CC78AE85F8721184FBD4F1DE5E7D8DFADA82F4
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ZWB..6,..6,..6,.....6,..N...6,..6-.26,.L^/..6,.L^(..6,.L^)..6,.L^,..6,.L^...6,.L^...6,.Rich.6,.........................PE..d...y0.[.........." .........R...... ........................................P......!{....`A............................................4............0....... ..........0>...@..t...P...8............................................................................text...C........................... ..`.rdata...6.......8..................@..@.data... ...........................@....pdata....... ......................@..@.rsrc........0......................@..@.reloc..t....@......................@..B........................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Program Files (x86)\PC Privacy Shield\x64\DecryptTool.exe

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):88976
                                                                                                                                                                              Entropy (8bit):6.770067807862272
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:ejLi48e0I5gR2GBgDD9c/vZ3IKGzTQ+utMvOg4xUa:0LiteQBgDD9c/vZ3/GzTQ+utMvOL
                                                                                                                                                                              MD5:EB83F2A3C15C8227C4E7ACAB1BEE2F68
                                                                                                                                                                              SHA1:C62498CBBB83256E7D9D81C5A8E88DD8A56B15B9
                                                                                                                                                                              SHA-256:6F629F90BE79F9F3D90974D435DE1C22CAC84625C3363ED849825745B7034E95
                                                                                                                                                                              SHA-512:61AAF2841CFB2DCF802E5620347FF815572B66A2BECEDA7BADFB352765FFD8059D21FB9000BA57095A92C703D1FB7ABEFE2D0B2C2FF1EEC58DF29301AFD904F0
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...a..e.........."...0......v.................@..... ....................................`...@......@............... ...............................`...................-..............................................................................H...........n.I7.-.I8n... ...p..................@....text................r.............. ..`.rsrc........`.......(..............@..@P.....~.TVqz\.....K~...QE\ ........\..C..zB.=N.k.X.....h]...w8...F..+[.J..7.b.....Y.......V..J.6,....>:V..F..-..]C..G<..V.....~.GB0R.6../m.7...E$.P%&E..+..G.N...^.^.zZ.y.u..+.....&.7,wOg...a.z...z..$.thC.J%..'...._..g.6.A....>.{B.<..ku.......%.c..:...P.s.M..X)9.>.7y.<..z..-.w.w^.z...[...uB.l..17...r...$....UP...i0Woo...(.*..yuM...F..\=\=..|...[9..T.#....U.SL..g.l.b.....*QS..Y.A.3'...`..O../"..E......A+k....,.....)1.Ww.....v.C..h.8..6|A.Og...nl"d..1...J

                                                                                                                                                                              C:\Program Files (x86)\PC Privacy Shield\x64\DecryptTool.exe.config

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):163
                                                                                                                                                                              Entropy (8bit):5.034911309270971
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:vFWWMNHU8LdgCQcIMOodBQV7VKXRAmIRMNHjFHr0lUfEyhTRGBAEDDQIMOov:TMVBd1InV7VQ7VJdfEyFRUAqDQIm
                                                                                                                                                                              MD5:DCCD44FB11B8E4EBDFB822E809A54B6F
                                                                                                                                                                              SHA1:1889D5AE8C7C70C051CBDE104AF6E0F31F8C1B63
                                                                                                                                                                              SHA-256:6862B25736259F7BFD344E43EEA10A703885BE381EEE2A745CEB12916B01A158
                                                                                                                                                                              SHA-512:DADFFE41BDADFC3A79CB34369C9A8B37CE4833AEE18058B02DCB13D64007F022B80B63AB404572C60278937CF83B06B00712FF9EE302E725B9D5C7FE14BD5F50
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>..<startup><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.7.2"/></startup></configuration>..

                                                                                                                                                                              C:\Program Files (x86)\PC Privacy Shield\x86\DecryptTool.exe

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):90512
                                                                                                                                                                              Entropy (8bit):6.724517270320744
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:rU1K2um9l5CjyT0r6M+a7qc5dhMYmOe3IVdQQz/mwDcZcxl:rMlnTuD+ar5dhMYmOe3WdQQz/mwDKE
                                                                                                                                                                              MD5:A072F16906AD5A95365456EC7FBB4A97
                                                                                                                                                                              SHA1:7EB85406BF120F64AE9B32E2DD275FC213B73F6B
                                                                                                                                                                              SHA-256:2B3524812AC3F789E21271B8CF7358A359B6042205C3B6A0FDF95DEB44B4622E
                                                                                                                                                                              SHA-512:980E668E18FC395242A39942166D3B3DE37D8A4FE4E14520AF29A202101DF75AA2BEF3C857657EA5F1BCE44501FB7D0F5EAFA706BC146022756E9BEBBAE8C074
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...i..e..............0......x............... ....@.. ...............................X....`.....................................O....`...............4...-..............................................................................H...........H.hex%(FPo... ...p..................@....text...`............t.............. ..`.rsrc........`.......*..............@..@.reloc...............0..............@..B.....................2.............. ..`........................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Program Files (x86)\PC Privacy Shield\x86\DecryptTool.exe.config

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):163
                                                                                                                                                                              Entropy (8bit):5.034911309270971
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:vFWWMNHU8LdgCQcIMOodBQV7VKXRAmIRMNHjFHr0lUfEyhTRGBAEDDQIMOov:TMVBd1InV7VQ7VJdfEyFRUAqDQIm
                                                                                                                                                                              MD5:DCCD44FB11B8E4EBDFB822E809A54B6F
                                                                                                                                                                              SHA1:1889D5AE8C7C70C051CBDE104AF6E0F31F8C1B63
                                                                                                                                                                              SHA-256:6862B25736259F7BFD344E43EEA10A703885BE381EEE2A745CEB12916B01A158
                                                                                                                                                                              SHA-512:DADFFE41BDADFC3A79CB34369C9A8B37CE4833AEE18058B02DCB13D64007F022B80B63AB404572C60278937CF83B06B00712FF9EE302E725B9D5C7FE14BD5F50
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>..<startup><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.7.2"/></startup></configuration>..

                                                                                                                                                                              C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Privacy Shield\PC Privacy Shield.lnk

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Tue Oct 3 05:28:27 2023, mtime=Wed Oct 30 15:52:12 2024, atime=Tue Oct 3 05:28:27 2023, length=6461328, window=hide
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1122
                                                                                                                                                                              Entropy (8bit):4.678334795231968
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:24:8m7L+/ESdOEdfvv8A3akbWdnR/dn/UUMGnVyfm:8m7L+cSdO8nTKvdnR/dnskn6
                                                                                                                                                                              MD5:3A59491726FF83971DD2C0EC02154BCA
                                                                                                                                                                              SHA1:F1551DD945C4DA6360716EF9BBD9C1E585C9CC78
                                                                                                                                                                              SHA-256:A06BAD2032EA0FE80E9C64E6F41D6680040E2DF4F52877D44E34DC4B458EA169
                                                                                                                                                                              SHA-512:67CC0356C79610702F559532153B356AD3DB83F59CC5FDCC7E131F24631470CA8D7C981F2F66C707BBB1E31078219DA99649F8E1EB41C83E1D2A9B476BE379A5
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:L..................F.... ...{.........P..*..{.........b..........................P.O. .:i.....+00.../C:\.....................1.....^Y....PROGRA~2.........O.I^Y......................V.........P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....l.1.....^Y....PCPRIV~1..T......^Y..^Y.......:....................{...P.C. .P.r.i.v.a.c.y. .S.h.i.e.l.d.....t.2...b.CW.3 .PCPRIV~1.EXE..X......CW.3^Y......~A......................x.P.C.P.r.i.v.a.c.y.S.h.i.e.l.d...e.x.e.......k...............-.......j....................C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe..K.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.P.C. .P.r.i.v.a.c.y. .S.h.i.e.l.d.\.P.C.P.r.i.v.a.c.y.S.h.i.e.l.d...e.x.e.).C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.P.C. .P.r.i.v.a.c.y. .S.h.i.e.l.d.\.........*................@Z|...K.J.........`.......X.......210395...........hT..CrF.f4... .L.T..b...,.......hT..CrF.f4... .L.T..b...,..............A...1SPS

                                                                                                                                                                              C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Privacy Shield\Uninstall PC Privacy Shield.lnk

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has command line arguments, Icon number=0, Archive, ctime=Sat Dec 7 08:10:02 2019, mtime=Wed Oct 30 15:52:10 2024, atime=Sat Dec 7 08:10:02 2019, length=59904, window=hide
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1889
                                                                                                                                                                              Entropy (8bit):3.6303484431383364
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:24:8We/J+DNvJ/ElbRAwUwB+ssT2gXS+MwT2gXdSlb4WwT2gXjcM6yfm:8We/uSbiqsSiS5wSidSlkWwSiYW
                                                                                                                                                                              MD5:779753E51246B9F60417DE466D2EECA8
                                                                                                                                                                              SHA1:E71DF41C1C978E35645880DACAD556FC20819954
                                                                                                                                                                              SHA-256:A60DFA41EFE6FF84503E117CDDEF9744F12488C034EC03978BA569041EA7D02C
                                                                                                                                                                              SHA-512:293F053BECFD046FF883917B1A5C4D1A468A91459FCB89DE81CB6FEEFA919F279AEE509A6E010B6AF3A78136F2287DCE7B603CDC77AF8688D649A7DFE8E2B26C
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:L..................F.@.. ...25.....=....*..25.............................A....P.O. .:i.....+00.../C:\...................V.1.....DWP`..Windows.@......OwH^Y}.....3.........................W.i.n.d.o.w.s.....Z.1.....^Yz...SysWOW64..B......O.I^Y}.....Y.........................S.y.s.W.O.W.6.4.....b.2......OBI .msiexec.exe.H......OBI^Y..................|.............m.s.i.e.x.e.c...e.x.e.......N...............-.......M....................C:\Windows\SysWOW64\msiexec.exe........\.....\.....\.....\.....\.....\.W.i.n.d.o.w.s.\.S.y.s.W.O.W.6.4.\.m.s.i.e.x.e.c...e.x.e.)./.x. .{.A.F.B.C.5.F.3.E.-.A.4.B.A.-.4.5.F.5.-.A.D.5.1.-.E.8.6.6.3.1.2.F.7.7.9.E.}.S.C.:.\.W.i.n.d.o.w.s.\.I.n.s.t.a.l.l.e.r.\.{.A.F.B.C.5.F.3.E.-.A.4.B.A.-.4.5.F.5.-.A.D.5.1.-.E.8.6.6.3.1.2.F.7.7.9.E.}.\.S.y.s.t.e.m.F.o.l.d.e.r.m.s.i.e.x.e.c...e.x.e.........%SystemRoot%\Installer\{AFBC5F3E-A4BA-45F5-AD51-E866312F779E}\SystemFoldermsiexec.exe....................................................................................

                                                                                                                                                                              C:\Users\Public\Desktop\PC Privacy Shield.lnk

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Tue Oct 3 05:28:27 2023, mtime=Wed Oct 30 15:52:11 2024, atime=Tue Oct 3 05:28:27 2023, length=6461328, window=hide
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1104
                                                                                                                                                                              Entropy (8bit):4.6959676347395245
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:24:8maL+/ESdOEdfvv8A3akfdnR/dn/UUMGnVyfm:8maL+cSdO8nTKSdnR/dnskn6
                                                                                                                                                                              MD5:223C6A73E29ACC087A7304579E7A3430
                                                                                                                                                                              SHA1:976C12CFEEE15D2545BB03B2F99D5954D09FA925
                                                                                                                                                                              SHA-256:FB337B4E83C48CDB351B37E4645AA8B766AF9A57AD108DCBF68DADA4A55C4471
                                                                                                                                                                              SHA-512:8C5E6BCDE45FD2BAD44AF65A1F2C19C6D1BF4EFD069BD6E696040B4F41FE668185CEBDAF05B9E855DCE462DD54E5D5FAAEFBCD36854B3FCF7135709D96B06FDC
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:L..................F.... ...{.........5..*..{.........b..........................P.O. .:i.....+00.../C:\.....................1.....^Y....PROGRA~2.........O.I^Y......................V.........P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....l.1.....^Y....PCPRIV~1..T......^Y..^Y.......:....................{...P.C. .P.r.i.v.a.c.y. .S.h.i.e.l.d.....t.2...b.CW.3 .PCPRIV~1.EXE..X......CW.3^Y......~A......................x.P.C.P.r.i.v.a.c.y.S.h.i.e.l.d...e.x.e.......k...............-.......j....................C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe..B.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.P.C. .P.r.i.v.a.c.y. .S.h.i.e.l.d.\.P.C.P.r.i.v.a.c.y.S.h.i.e.l.d...e.x.e.).C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.P.C. .P.r.i.v.a.c.y. .S.h.i.e.l.d.\.........*................@Z|...K.J.........`.......X.......210395...........hT..CrF.f4... .L.T..b...,.......hT..CrF.f4... .L.T..b...,..............A...1SPS.XF.L8C....&.m.%.

                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\TaskTools.exe.log

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files (x86)\PC Privacy Shield\TaskTools.exe
                                                                                                                                                                              File Type:CSV text
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):856
                                                                                                                                                                              Entropy (8bit):5.388614983460423
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12:Q3La/KDLI4MWuPXcp151KDLI4MN5I/k1BakvoDLI4MWuPakEOsk7yoDLI4MWuPC4:ML9E4KQ71qE4GIs0E4KGAE4KKUNb
                                                                                                                                                                              MD5:D60283EF2DCAFD5CC0E584E7C73FA5BF
                                                                                                                                                                              SHA1:776F65CDF8E74E5B4963B523E96D9D1BE894A11C
                                                                                                                                                                              SHA-256:26C1261AF813495352386760E233D05EC215CBB16D55040CB9EB93BCA13FA27E
                                                                                                                                                                              SHA-512:AD8F9655D8CC2BE89B729F3074F17546D6352D6D6ABC680E1663C8E78E640970E469711F72EE405FA4548F1D6CF6903B599DC303AB9AD3CED5CD315B17849A6D
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..

                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\InstAct.exe.log

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files (x86)\PC Privacy Shield\InstAct.exe
                                                                                                                                                                              File Type:CSV text
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):425
                                                                                                                                                                              Entropy (8bit):5.353683843266035
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhav:ML9E4KlKDE4KhKiKhk
                                                                                                                                                                              MD5:859802284B12C59DDBB85B0AC64C08F0
                                                                                                                                                                              SHA1:4FDDEFC6DB9645057FEB3322BE98EF10D6A593EE
                                                                                                                                                                              SHA-256:FB234B6DAB715ADABB23E450DADCDBCDDFF78A054BAF19B5CE7A9B4206B7492B
                                                                                                                                                                              SHA-512:8A371F671B962AE8AE0F58421A13E80F645FF0A9888462C1529B77289098A0EA4D6A9E2E07ABD4F96460FCC32AA87B0581CA4D747E77E69C3620BF1368BA9A67
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..

                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PCPrivacyShield.exe.log

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe
                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:modified
                                                                                                                                                                              Size (bytes):609
                                                                                                                                                                              Entropy (8bit):5.356231720746034
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12:Q3La/hg1KDLI4M9tDLI4MWuPTArkvoDLI4MWuCOKbbDLI4MWuPJKAVKhav:MLV1qE4qpE4KiE4KnKDE4KhKiKhk
                                                                                                                                                                              MD5:84D694362CA4464BE97CDDE5B40B8F12
                                                                                                                                                                              SHA1:BFC09F8F47B466A2661F277D6438ECAFAADC522A
                                                                                                                                                                              SHA-256:5FA11272EAE60A4BB2E83E017AAA498E010E3AC5E94F05B788C437E1781013FE
                                                                                                                                                                              SHA-512:E75088B69B62A0525E6EE90820E18656F605D4604E2E6130C46EE68CC29C977916A7DDEEE6BC6F09BAB44D6977DEDE4A5EAB437896C9079E1B415C11C3DE9ED1
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..

                                                                                                                                                                              C:\Users\user\AppData\Local\PCPrivacyShield\Ewlist.xml

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):2813
                                                                                                                                                                              Entropy (8bit):4.386307520919152
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:48:U4HgwLgHg5bJlnlalog5g9x96VHgKM+dPZJq9ZSnA7AOWF12EllkDNsT:UANLIwbzlaloWAKM+dPZJqunA7AOWFkK
                                                                                                                                                                              MD5:9AB2A08FD94F87BAF21466333CCA6E94
                                                                                                                                                                              SHA1:817F1703F6E5354994B9C3D226EC0BB390C67C9D
                                                                                                                                                                              SHA-256:305C811112CF9B1F7228A54EF6DECDE298C97E030C6092A4CA75B87A5956024F
                                                                                                                                                                              SHA-512:16C911F7F6DC7889D06AFCBEB0F95E1217B117BBAF4AF417849A13D2B583A15C3111890ED519DBCECEA9640662BCAD13E42EE3340B3E82877D3537D22C562DDF
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:......................;Util, Version=4.9.8.0, Culture=neutral, PublicKeyToken=null.....uSystem.Collections.Generic.List`1[[Util.Browser.UrlExt, Util, Version=4.9.8.0, Culture=neutral, PublicKeyToken=null]]....._items._size._version....Util.Browser.UrlExt[]...........5...5.............@.....Util.Browser.UrlExt................................................................................................................................................. ....!...."....#....$....%....&....'....(....)....*....+....,....-........./....0....1....2....3....4....5....6....7....8...........Util.Browser.UrlExt.....<Url>k__BackingField.<WhiteListType>k__BackingField.<Timestamp>k__BackingField.<Removed>k__BackingField............9....apple.com......"g...............:....bankofamerica.com......"g...............;....blogsport.com......"g...............<....buzzfeed.com....d."g...............=....chase.com....d."g...............>....craigslist.com....d."g...............?....dropbox.com....d."g........

                                                                                                                                                                              C:\Users\user\AppData\Local\PCPrivacyShield\Files Vault\metadata\categories.bin

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe
                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):54
                                                                                                                                                                              Entropy (8bit):5.083319677969203
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:3hTIdjLBHQdXRQmafuwOsy:3iommDsy
                                                                                                                                                                              MD5:8C87D079F5395E502C938414CB835DFB
                                                                                                                                                                              SHA1:29D9B0B1F280D68319AD882667369107B34218CF
                                                                                                                                                                              SHA-256:690B22C4E03EE63B2EBEB0E9EA4A20B897026DC9451945292D77DD328F97B2E8
                                                                                                                                                                              SHA-512:F516E72CC3F2F839921EDA60B04E05000EA57C5C4D70CCC18EDBF2800F97F2DF1DC979367BA16EC68DA030F69DE2011F60FBE1280A85EC2148D27A7C3BF4B035
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:EAAAAMh1PUmOGFzFijqeGdRbhg8zVpTBtu2SQkOzoYx0MFU2;0;0..

                                                                                                                                                                              C:\Users\user\AppData\Local\PCPrivacyShield\PCPrivacyShield.settings

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe
                                                                                                                                                                              File Type:ASCII text, with very long lines (3016), with no line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):3016
                                                                                                                                                                              Entropy (8bit):5.985112243888319
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:48:3ZZpOTg2PueXmyQIiv2GK0bR2Af7TG3aw3OKgbSB9zagMWyKhPjC3P:JZZamyl0tf7T8lgGa6qP
                                                                                                                                                                              MD5:DAB1A5A8B988994D91285E4ABC26EE3D
                                                                                                                                                                              SHA1:96A665B3EFEA9691CBB32B177C40FE266BC301BD
                                                                                                                                                                              SHA-256:04DA08C8E6B42D141B491208A1D96E66BC8C27573A33D1DD632651A928306A65
                                                                                                                                                                              SHA-512:85875B018EC904C750830AFEE886F400B89A977C78FB05FC67A7E269CE2434458944EFD85F6A3731648DC6A6EC27A352F903D152FE856C02CBBF7B4CC02FBEDC
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:EAAAAHcpAMxW5IAVoH9K1RF8Rumg55rSnYG+IkZyOYcfuDFszZiiiwVRzQCp59+PfbD35omEqKhVMWDenCmTA1tTrBZMMOAMSfasXqAEjUdgnBSSiUkACW77eJr+ILnLAMdogMEb0S95zEPOu+3zRqGYxrnZy+L69GjSxb9P870gUM/1cO2PVjOJ+Ez49y7fGMwVXdJHK48YwpwV+kJebkmD8/dxV8rRXUW+f6fLSRJz5i2/2xAv8QSlaTGrCFIpcxXv0ok/ffQFmNCEtAZxyU2dkiw+qAmXO/9K0qJKaTxRDMq1zzcggcVoOxaQH5ZQR9/zrIsyo6TW06wd+fUUoGk4QbFrJ6HlpawlRQpONxdroYr/DGbU5sVPVjmVM98KjcpfzSLnXZiIywYiTh+/fB+eejEyfVaJacXpIP8d0AlVbcc/k2myKByxPqxILtpCnClFjkQdfuwUfG7Waxs9B5S5lP6NzIHUnE+YkrPzy8FF2XOzOe2aHR8TaPxdIs3EtR2aDk+n7eygzCAjn+NbsVSrwYH9GYumlbab+IdTmB+0MCjc5Dpk6ufBK0CHbb4z1S4MB7jjXAPosPvLy8M3xF8A1mVmsHaNOVBgx6MzkvTJ+hn4w+4tUtOwtHCcCAIJa7pHkN75fEa+o5AGe+NcbgqEskihQzFlnzlP21n1wnVfKqcTgBcrVV56BL7DF6ZoyLEFI6jKcma2z/X9BJwTtdauG3oziPHOCkxKfgMAhSVqyGCoEoqsluc8KhNpYaGTbX1KuBnrgVxIu3VIZQVQLhTn/fH8rVND7zw7+CvNXbrNV0gNn0UKarlCq51N9+e3X1nQP6tXyplEYTc2QNFcS+L82RYo7pInqSovCKs/o5nb6ZuMjRDoj7CmGYPKHE9XKr11fIlpoXaX6rnO8f2YARFosMsZKr1OnZkCl8aS1fF3FfMcUpXRa3FGJhziYrnYMZV0oePSPBETfUAv/BTa8SUr93BvafsJVwVJd7ci

                                                                                                                                                                              C:\Users\user\AppData\Local\PCPrivacyShield\cnfg

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files (x86)\PC Privacy Shield\InstAct.exe
                                                                                                                                                                              File Type:ASCII text, with very long lines (304), with no line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):304
                                                                                                                                                                              Entropy (8bit):5.8579512751103335
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6:3n+WatN+/STvLyv6jppLtvK0tbOLtuPesQIwTE8ecXnVfnu:3nNatN+qLLnjnLtvRkLtJsinD3tnu
                                                                                                                                                                              MD5:7F66EB7259FA4D0BEB7A2D7E666024E5
                                                                                                                                                                              SHA1:CABFB68E58BF7E84F59B1715954D04660A7F2ACC
                                                                                                                                                                              SHA-256:84303146CD95BC06428F6888B35C4E8F301CF2B4468B3E02E484528E24C0CFEB
                                                                                                                                                                              SHA-512:B7522AC201B71EBF51ED39FA40A325AF38C8A3960BD60EC63CBF335B8C5C0BADE5C29C77EBBB29C8F54A7850C5BC05D02331390AF9B26F4A0B0507EE7C7783E2
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:EAAAACZX96lKVPSTsSQ/hxBJ5vN5o76lR6gLOrhPftVqKthnVei9jhDP7wxa3Wd6TLng6dHza45GA+EG/Cb8siXVMQLbrJtZQDM1uKMK6/FffB23hz0qPVHfGXYwB16eNou76xsEwv+ogiq95eWV5/uxJxJLIvFMuL9lwB8SBgP/UiDEVhAyqR7uPS6JO+vsezlA0E8b70TYzwFlacZHjTsUctOOLk032IRVOvuFbRLw96+6iYyiPRzCvZyber7+fsI2ZlpCTRTd1zSRC7D9zKznUoY0Z2jWQyoOAVU+AuU+406Q

                                                                                                                                                                              C:\Users\user\AppData\Local\PCPrivacyShield\command

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe
                                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):4
                                                                                                                                                                              Entropy (8bit):2.0
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:0:0
                                                                                                                                                                              MD5:A7DD12B1DAB17D25467B0B0A4C8D4A92
                                                                                                                                                                              SHA1:9FB29051F2217270A7B253A39F820310D85A78F0
                                                                                                                                                                              SHA-256:1C6333509DEBF060200EB6BBE28DB307508DA67C0E3C58088393E4CF09DE596D
                                                                                                                                                                              SHA-512:3E1FF319363C11A3FBBA578F0B5A6491ACBA7F5697591680BD954A0B25ECD0DA1464DDFA2F06C0299881EFCC207E04C3900B04862A84B099FBEE948A4D6DA47C
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:show

                                                                                                                                                                              C:\Users\user\AppData\Local\PCPrivacyShield\config.json

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe
                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):2512
                                                                                                                                                                              Entropy (8bit):5.024283291386942
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:48:YmrMzlChjlKqHtmvHDGQPX5y16YbPlk1jCDnrs:9rMzlCKTbPo1rbPe1GDnrs
                                                                                                                                                                              MD5:B74E8A433C10E0D1BCC65949ECB78FF2
                                                                                                                                                                              SHA1:C208E8DD2F12C25C4017EE0D2F84CFF94BEC4888
                                                                                                                                                                              SHA-256:7147848629D634022BF163FD739291643F10B9B4E5BA8887DE62316594051DE9
                                                                                                                                                                              SHA-512:BB910BB2581D358F457366740ED2C9EB6D2E3D258858AEFE9CD1BEE3DA210C5E602154412AFFA068EB5F65D736E47936787DC1DC4182BA6F96F7C5FD7A078BA8
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:{"en":{"AlternateUrl":true,"MainTitle":"Dark Web Scan","MainTitleStatus":["Hundreds of data breach cases are being scanned for your personal email account","Your digital, financial and personal privacy may be at risk.","Recent data breaches facts"],"HeadingTitle_TechnicalQuery":"Technical query:","HeadingTitle_ScanFor":"Scanning:","HeadingTitle_GlobalScan":"Scanned regions:","TechnicalQuery_Hostname":"Hostname","TechnicalQuery_RouterLocation":"Router Location","TechnicalQuery_Bandwidth":"Bandwidth measurement (KB/s)","ScanFor_RiskSummaries":"Leaked databases","ScanFor_CompromisedEmailAddresses":"Paste-records","ScanFor_PasswordStatuses":"Breached sites lists","ScanFor_AssociatedWebsites":"Forums","GlobalScan_CityListLimit10":["Tokyo, Japan","Berlin, Germany","Budapest, Hungary","Arad, Israel","Rome, Italy","Guangzhou, China","Kiev, Ukraine","Sao Paulo, Brazil","Kaohsing, Taiwan","Bucharest, Romania","Moscow, Russia"],"FinancialSecurity_SSN":"Social Networks","FinancialSecurity_DateOf

                                                                                                                                                                              C:\Users\user\AppData\Local\PCPrivacyShield\debug.log

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe
                                                                                                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (310), with CRLF line terminators
                                                                                                                                                                              Category:modified
                                                                                                                                                                              Size (bytes):30805
                                                                                                                                                                              Entropy (8bit):5.6106792315173974
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:384:Ph4f/EZwopQtTAR5FgvzSoGCT7n9sfjRZl7QIZzTvPSuu0c0y:L1gvzSoGCT79sfjRZl7bJPSuut
                                                                                                                                                                              MD5:A9EEDE81DA432373432E4B1B37E275B8
                                                                                                                                                                              SHA1:A0B913CE7FE76A87D301E82D38BF7F0E494B5000
                                                                                                                                                                              SHA-256:758FE1C058804D6AB0EDEFB81FB7100523B3810B254C699441B0DEA024E816DD
                                                                                                                                                                              SHA-512:0D30D9F58A427F0B8D7B4C5CEFE974FAD4794ADD4FCB43C2013450E3D6A72EF5BFCFBDBB396FD123DAFA2882DE393C59EFDEEEEDC7A501A2AA51FF047137C5BD
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:..................................................................................................[30/10/2024 12:52:24] Logging session started..._______________________________________________________________________________________________..[30/10/2024 12:52:24] Windows version: 10.0.19045.0 Is64: True..[30/10/2024 12:52:24] Application version: 4.9.8..[30/10/2024 12:52:24] Program: GetFilesVersion..[30/10/2024 12:52:24] File: BouncyCastle.Crypto.dll Version: 1.8.5..[30/10/2024 12:52:24] File: Bsm.dll Version: 4.9.8.0..[30/10/2024 12:52:24] File: CaByp.dll Version: 4.9.8.0..[30/10/2024 12:52:24] File: CaByp.dll Version: 4.9.8.0..[30/10/2024 12:52:24] File: ExcelDataReader.dll Version: 3.5.0..[30/10/2024 12:52:24] File: ICSharpCode.SharpZipLib.dll Version: 0.86.0..[30/10/2024 12:52:24] File: Micr

                                                                                                                                                                              C:\Users\user\AppData\Local\PCPrivacyShield\debugTracking.log

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe
                                                                                                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):583
                                                                                                                                                                              Entropy (8bit):4.010957871549954
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6:mgurvpWHxq3KJv74LSi2qmvxpyW5zz1dEJ7Jcty:mRvoc3nLSAemKfE7Sty
                                                                                                                                                                              MD5:D1EAB4065B7F99707AC91626AA006DDF
                                                                                                                                                                              SHA1:E5AE659A52429EA7D7859F9171FF858DDFC44ED7
                                                                                                                                                                              SHA-256:00F7C6C7CC32B131F711E569954C476C081448FB8B2B07ACCFB205175D9FEBAE
                                                                                                                                                                              SHA-512:3F983C977AE290AB0848E16E8C53E6C638A479DB1EF65207661567F811A58653898779CC41A50B0C09C3FBBBE61CD0DF88C6E7310DD243E0B6984E7EFDC465A8
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:..................................................................................................[10/30/2024 2:02:39 PM] Logging session started..._______________________________________________________________________________________________..[10/30/2024 7:30:56 PM] Starting extension listener..[30/10/2024 19:40:50] WEBSOCKET: Server started listening on http://localhost/MyAdBlocker/..

                                                                                                                                                                              C:\Users\user\AppData\Local\PCPrivacyShield\debugdoc.log

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe
                                                                                                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):438
                                                                                                                                                                              Entropy (8bit):2.9191159132009745
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:sHNz5z5z5z5z5z5z5z5z5z5z5z5z5z5z5z5z5z5z5z5z5z5z5z5z5z5z5z5z5z5Q:mgUeUPvp4
                                                                                                                                                                              MD5:ED616570B8A99F0EBE16CCFCA686D3AA
                                                                                                                                                                              SHA1:A25969A47444A62CFCFDB095580C0FE94D42C20E
                                                                                                                                                                              SHA-256:95A1A7100D062252C238A3528DC4BEFE136A68499BA6698925A1E98F6BDF8367
                                                                                                                                                                              SHA-512:11865CF521EAACC3E1DB7EEE667061D45C9B400DD9C8BA5677D5D94ECD264AB49EF6DDC37FFCDE6E380B253E202B04FB13A1F9E15BE4490C060B5C0AB3A1ED75
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:..................................................................................................[10/30/2024 12:52:42 PM] Logging session started..._______________________________________________________________________________________________..

                                                                                                                                                                              C:\Users\user\AppData\Local\PCPrivacyShield\esentutl.log

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files (x86)\PC Privacy Shield\TaskTools.exe
                                                                                                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1058
                                                                                                                                                                              Entropy (8bit):3.9157810209655564
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6:mzLvvuvp1LvfdmCysvh2KTK05k1nGZvhvhlUc1Lvhoujvwv:mzLv2vzvfQsvtksZZvrvSujvwv
                                                                                                                                                                              MD5:61AB18806761C7200C2BB6921F262EAC
                                                                                                                                                                              SHA1:81C79E0FAD5B41DCEF77DC2711EC5CD4D0EF64C3
                                                                                                                                                                              SHA-256:FD688589C4F89C386265FBDA7BA29782F7FD530CC2FC631E234C9D50A97F09DA
                                                                                                                                                                              SHA-512:53B884E51DD0B521DBA7202565923C3FC40FFAEC0EFB6B441C8E19804040B23D32B0457A05EAD86497C9E1F9DD5B4403FD8BCC3BBF68969E7C8187AD37A31B25
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:..................................................................................................[30/10/2024 12:52:28] Logging session started..._______________________________________________________________________________________________..[30/10/2024 12:52:28] Started with params: run_program..[30/10/2024 12:52:29] Running program: C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe..[30/10/2024 12:52:29] Arguments: .._______________________________________________________________________________________________..[30/10/2024 12:52:29] Logging session closed................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Local\PCPrivacyShield\report.txt

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe
                                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):92
                                                                                                                                                                              Entropy (8bit):5.522051461628562
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:3qQCgWLIdAwwmNnuEcrTVkvRGOgNOrrzr:3qQCgWoomNulZyRGOIArzr
                                                                                                                                                                              MD5:544DF71E4B17C046C1367A06A4A647F8
                                                                                                                                                                              SHA1:FE5FAFD89FCB9593BA1E96659BD66E9E68A4DEEE
                                                                                                                                                                              SHA-256:AADF3F6AAC2AF5E6D0AC9CBFF3D96DC371C7169FE3930D6A45E15F1B4AF065CB
                                                                                                                                                                              SHA-512:00C5CE71D07A1DC1EAEAF7DCF6BAD42E4E085A2458193536F854A593D70937B633580E879FD4F2218B2E8F2162CB63D119CD5DA8EC12ADD7AB0EBBAA5479DA9A
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:EAAAAFuL4ofr/MUsnpsDj1wC85KnQWviTCbC52+B+AmZaQhUGgJuF2QO3wejzRuOXhlbqZ+Gm1fZxh+DG7N3J83xIh4=

                                                                                                                                                                              C:\Users\user\AppData\Local\PCPrivacyShield\whitelist.data

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe
                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):718
                                                                                                                                                                              Entropy (8bit):4.3128332871880275
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12:8zjBY2pGZT2lNkNr8L5HpoyhKCZN3zBrRnG9VfB3/+gdBsB:8BFpNlNkxadNKCZJBrRG9f3/+mBsB
                                                                                                                                                                              MD5:20C91F407CC012AAB56030983FEDB5D6
                                                                                                                                                                              SHA1:F0B7BC0BAD8C37546ABB797116FC1A792B0F6731
                                                                                                                                                                              SHA-256:8D4D637EC28958F8963FB6C508EBF342EE61E18935A67B8573B5CC008E4C4DD2
                                                                                                                                                                              SHA-512:4B1DB5F8EDA1D5E5009D06B303D8E41BFFDD907A5E1C64439289778AD4247BDB342187F545715E75F7B552FB3DA7D5FFCFFFE9DDEDDE2D86FC644081FEB8022F
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:apple.com..bankofamerica.com..blogsport.com..buzzfeed.com..chase.com..craigslist.com..dropbox.com..facebook.com..github.com..hsbc.com..instagram.com..intuit.com..jira.com..linkedin.com..microsoft.com..netflix.com..office.com..paypal.com..pinterest.com..playstation.com..realtor.com..redfin.com..rockstargames.com..rosettastone.com..saleforce.com..salesforce.com..stackoverflow.com..trello.com..trulia.com..tumblr.com..twitter.com..wellsfargo.com..wikia.com..wikipedia.org..wordpress.com..yelp.com..zillow.com..youtube.com..atttvnow.com..disneyplus.com..espn.com..fubo.tv..hbonow.com..hulu.com..sho.com..sling.com..starz.com..upwork.com..idseal.com..google.com..outlook.office.com..web-backup.biz..microsoftonline.com..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7256\NetFirewall.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):339872
                                                                                                                                                                              Entropy (8bit):6.510807314703202
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6144:20db8ujPNTpkVGfwsLAO3P6xjxWxzG5v:hdb8ujPN0nsLRPKxWxzG5v
                                                                                                                                                                              MD5:080CC38F68DDD4B9958338786BAAC5E3
                                                                                                                                                                              SHA1:567CBBE72BE587AA5D4021240E0D1E76B81C098E
                                                                                                                                                                              SHA-256:B164D00D5D2234625D979DA0F1A4EFEF73D7B40000DA5D493AAEFD817AD086B1
                                                                                                                                                                              SHA-512:55F7EB841FDC1051A9D2100F9E4620655EA9A4CA6FD50FB2840D39B1F4177281BA2D492BD6E107F1E6DE7119A760192D62E5959BA27F7812DE41425875F0C129
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......r..6..6..6.....;........y..9..y..!..y..d...........'..6........-.....7....3.7..6.[.7.....7..Rich6..........PE..L...D~.c.........."!...".p...................................................@............@.................................H...........x................#.......3..0L..p....................L......pK..@...............(............................text....o.......p.................. ..`.rdata...O.......P...t..............@..@.data...............................@....rsrc...x...........................@..@.reloc...3.......4..................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7256\New

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):15086
                                                                                                                                                                              Entropy (8bit):2.9169468593135157
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:96:+f+OFx/DgstjfDaf///////aorGbaX8PSccl1q12xfnW1orsKc:+WqDgOQ///////aoZsP+/qAVnWursKc
                                                                                                                                                                              MD5:1E80DE80CEFEE55D7CFDA0DF2EDCF3B2
                                                                                                                                                                              SHA1:6E567D732354BBB21F9A57BBB72730C497F35380
                                                                                                                                                                              SHA-256:4E64F4E40D8CBFF082B37186C831AF4B49E3131C62C00A0CF53E0A6E7E24AC2B
                                                                                                                                                                              SHA-512:5EFEA023B18FFD5B87A19837BA2C72C179B55B7C3071B773A032C63D7268DBE25E2902AE8B111AD83A4F005346B378C7A75033ADAEE90805BCB4FEC2822E54C0
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:......00.... ..%..6... .... ......%........ .h....6..(...0...`..... ......%............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7256\Up

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):15086
                                                                                                                                                                              Entropy (8bit):2.7901346596966383
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:+n5lkX/1//AJffffPTb6ylHJxnSfFN5pM2C:+5lkX/K
                                                                                                                                                                              MD5:FD64F54DB4CBF736A6FC0D7049F5991E
                                                                                                                                                                              SHA1:24D42FB471AAA7BCD54D7CCB36480F5ADD9B31D4
                                                                                                                                                                              SHA-256:C269353D19D50E2688DB102FEF8226CA492DB17133043D7EB5420EE8542D571C
                                                                                                                                                                              SHA-512:EC622AFAB084016F144864967A41D647E813282CB058F0F11E203865C0C175BA182E325A6D5164580FF00757C8475B61DE89CCC8E892E1B030E51B03AD4EAFB4
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:......00.... ..%..6... .... ......%........ .h....6..(...0...`..... ......%............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7256\cmdlinkarrow

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:MS Windows icon resource - 3 icons, 16x16, 16 colors, 4 bits/pixel, 16x16, 8 bits/pixel
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):2862
                                                                                                                                                                              Entropy (8bit):3.160430651939096
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:48:QFFZ+f+zd+kHeNTM9/+Xz++++++++YWWS0i6I:QFFEw4Xc+D++++++++ypi9
                                                                                                                                                                              MD5:983358CE03817F1CA404BEFBE1E4D96A
                                                                                                                                                                              SHA1:75CE6CE80606BBB052DD35351ED95435892BAF8D
                                                                                                                                                                              SHA-256:7F0121322785C107BFDFE343E49F06C604C719BAFF849D07B6E099675D173961
                                                                                                                                                                              SHA-512:BDEE6E81A9C15AC23684C9F654D11CC0DB683774367401AA2C240D57751534B1E5A179FE4042286402B6030467DB82EEDBF0586C427FAA9B29BD5EF74B807F3E
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:..............(...6...........h...^......... .h.......(....... .........................................................................................................................................................wv....."""""o.."""""o..www""......"/.....""......"/......r.........................?...........................................?......(....... ..................................................."..... .". .6.-.9.;.<.;.D.3.,...4...9...O.,.Q.$.M.2.S.:.\.1.U.$._.1.F.G.I.A.`.@.w.q...|...q...{.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7256\completi

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):15086
                                                                                                                                                                              Entropy (8bit):3.57715132031736
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:48:+728OQ6YxsPq7v8N+2RdHKb80000000000000000000000000MqfqF2Nnnu8jgLe:+72LQWPq7vEFXVCVKuM4expgz
                                                                                                                                                                              MD5:C23AF89757665BC0386FD798A61B2112
                                                                                                                                                                              SHA1:FD4958B62F83EDF6774FCF7C691CC3270B82AA0B
                                                                                                                                                                              SHA-256:031ED0378F819926D7B5B2C6C9367A0FB1CBAE40E1A3959E2652FE30A47D52F2
                                                                                                                                                                              SHA-512:5727ABA9CD972C8F25B31F2A8E698CA2CAE640427A62A0EA4092FD426B907D39BAF58B8724B6E37965E76BE90EAA329F7D4A7EE4688922ED796D54E4377FC8CC
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:......00.... ..%..6... .... ......%........ .h....6..(...0...`..... ......%....................................................................................................................................................................................................................................................................................................x...t..f..f..t.....x...".......................................................................................................................................................d................................d..............................................................................................................................................N.k................................................j....Z..............................................................................................................................o.d..........................................................d...s......

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7256\custicon

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):15086
                                                                                                                                                                              Entropy (8bit):3.2912578217465134
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:48:+728OQ6UfPsw8PX4E0000000000000000000000000rggggj88jgLiqYTqfI0008:+72LQpPswSXtA4vJbvi
                                                                                                                                                                              MD5:BE6D2F48AA6634FB2101C273C798D4D9
                                                                                                                                                                              SHA1:21D1B2E7BCA49FE727E1C3A505E28E609EC53CC7
                                                                                                                                                                              SHA-256:0E22BC2BF7184DFDB55223A11439304A453FB3574E3C9034A6497AF405C628EF
                                                                                                                                                                              SHA-512:8BC2C9789640ED0E6F266FDC27647F7CE510EFE06ED1225BB8510F082E6C009E7911AEC38F21DE405FA68A418513DA2DC541EDB53F4FA6887603596EBD29F463
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:......00.... ..%..6... .... ......%........ .h....6..(...0...`..... ......%....................................................................................................................................................................................................................................................................................................x...t..f..f..t.....x...".......................................................................................................................................................d................................d..............................................................................................................................................N.k................................................j....Z..............................................................................................................................o.d..........................................................d...s......

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7256\exclamic

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):15086
                                                                                                                                                                              Entropy (8bit):3.486912391627119
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:96:+jsnrGWGIxANQAI2DZ4uHnIdUsbTgvCh3gs//oUvz4tbr4/w:+YzxkQAj4eIdqv8T//3+bsw
                                                                                                                                                                              MD5:3FBB7DDBC13EDF109E3ACAA7A4A69A4E
                                                                                                                                                                              SHA1:BF53201D998ED6E6F2E07584EFDA9585113AEB0E
                                                                                                                                                                              SHA-256:F8429073C7A83377AD754824B0B81040D68F8C1350A82FF4DCCF8BC4BF31F177
                                                                                                                                                                              SHA-512:CF818A9E88002D373019C0F3C9AF1BE27F20E074C662973898724124EC40F95CEC89F73D4A2F693C73D63981109EFB135057DEEC9245865C3F6351C128AB93D2
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:......00.... ..%..6... .... ......%........ .h....6..(...0...`..... ......%......................................................................................................................................................................................................................_....w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w..I..............2.w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w.....J............S....w..4...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...;....w..>......................?.w......Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y...Y.

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7256\info

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):15086
                                                                                                                                                                              Entropy (8bit):3.347251063198798
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:+h7OMtMrJbDG0UDLHMrhmZ1galQpAAAAAAAAAAAS55qjOlr9n:+6g0uyi1ZQpAAAAAAAAAAASXqjOp9n
                                                                                                                                                                              MD5:8595D2A2D58310B448729E28649443D6
                                                                                                                                                                              SHA1:08C1DF6FBF692F21157B2276EB1988AC732FF93C
                                                                                                                                                                              SHA-256:27F13C4829994B214BB1A26EEF474DA67C521FD429536CB8421BA2F7C3E02B5F
                                                                                                                                                                              SHA-512:AE409B8F210067AC194875E8EBF6A04797DF64FA92874646957B2213FB4A4F7DA2427EF1ED8D35CD2832B2A065E050298BAC0FC99C2A81DE4A569A417C2A1037
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:......00.... ..%..6... .... ......%........ .h....6..(...0...`..... ......%.....................................................................................................................{...............................................................................................................................................................................................rqr............................................................................................................................................................................................rqr............................................................................................................................................................................................tst............................................................................................................................................................................}................yxy...................................

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7256\installer_1.jpg

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS3 Windows, datetime=2020:08:03 07:37:44], baseline, precision 8, 495x310, components 3
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):43329
                                                                                                                                                                              Entropy (8bit):7.402690024686389
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:768:an2C2b4fYyYVvW7lcZwqsPbPrUxJsVY0AW:ZbbCMVvOlcy9bPreJsVY05
                                                                                                                                                                              MD5:19BB33D641C013F9B0C7337FD94AAFB7
                                                                                                                                                                              SHA1:E681F5C6CE2EC570DDEA8DC132F895B39ADDDA98
                                                                                                                                                                              SHA-256:A7EE15BA3CBBF1407DFE300A7047576731D70B4750BEFD3B1EAFC01293E5F34F
                                                                                                                                                                              SHA-512:124473416BB5D84B2DCF5EC405111DBDF570E6EA190FFF7D3557F154F3A34F88F8D20F1276BE2C4C9A785055F7F108F6E570B824CE091B9A3A330521A701D256
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:......JFIF.....,.,.....zExif..MM.*.............................b...........j.(...........1.........r.2...........i...............-...'..-...'.Adobe Photoshop CS3 Windows.2020:08:03 07:37:44.......................................6...........................................&.(.................................D.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d.................................................................................................................................................d...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?....I%)$.IJI$.R..Q.R.I$...I%)$.IJI$.R.I$...I%?.....Y.W6.-mm.f...+#%....Pk...o....X.E....l....aC....{.UM.V<...i...P=gU{p

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7256\installer_2.jpg

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS3 Windows, datetime=2019:03:21 09:30:20], baseline, precision 8, 495x60, components 3
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):21645
                                                                                                                                                                              Entropy (8bit):7.085065241395685
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:7Rs7e3aEkn4lJ/DtmjYNMtKw0yKJjuxBMpm51gmNGEEGsSADh+M/gPL76RH:76Pn4lJkYNg70BJjM5GmKSyhZ/Y76p
                                                                                                                                                                              MD5:0D6F8DEAD3176EDE325BFF7EB8A058C6
                                                                                                                                                                              SHA1:ADBB95BCE1BD14FA965CFDE7DA029BACB4EC0187
                                                                                                                                                                              SHA-256:E92C4948B7C3B67B7982A578FAB230409E1A91FC97F44BE7EA7144CD2283858F
                                                                                                                                                                              SHA-512:14476BF75A301A37EF7B446A8F25D1C57738190CF0383F9FD0F95DF0AC91A12AB90192810C57109A2272BAC9864ACF758EF6163CF5710E276EFAB2F3BE63A297
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:......JFIF.....,.,......Exif..MM.*.............................b...........j.(...........1.........r.2...........i...............-...'..-...'.Adobe Photoshop CS3 Windows.2019:03:21 09:30:20.......................................<...........................................&.(.................................O.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?....I%)$.IJI$.R.I$...I%)$.IJI$.S.l.T.H.[K..*.7S.!...............^=.._..O...5v....c.v.x-w..Y8.?/.}..eu=.S.l{.A...=F:.N..../

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7256\insticon

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):15086
                                                                                                                                                                              Entropy (8bit):3.9105220993102248
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:96:+7d0iiiiiiiuiiiiiiiZiiiiii0DMiiiiiiZiiiiiPiiiiiDfiiiiiMiiiii1Ji3:+TB4Gds1E2fVE5MF+mJwnwewO
                                                                                                                                                                              MD5:EAC3781BA9FB0502D6F16253EB67B2B4
                                                                                                                                                                              SHA1:5EFF4FCDC405732702432008AB43164CA6F37101
                                                                                                                                                                              SHA-256:F864E8640C98B65C6C1B9B66A850661E8397ED6E66B06F4424396275488AF1BE
                                                                                                                                                                              SHA-512:D108687995B5B02778FC7ACF3A66706E761103B1EE47305D852BF9A190BDF1722B4C6277A13B65BDAD9F4E3F92406F5C7B1B06444D1493F2D4B1AAEAF4176E06
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:......00.... ..%..6... .... ......%........ .h....6..(...0...`..... ......%....................................................................................................x...t..f..f..t.....x...".......................................................................................................................................................d................................d...........................................................................................i...N...N...N...N...N...N...N...N...N..S...`.....s.k................................................j....Z.................................................................................N.......................................N.......d..........................................................d...s.............................................................................N......................................If...c..................................................................d....X..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7256\lzmaextractor.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):16288
                                                                                                                                                                              Entropy (8bit):6.529105035939933
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:2gJ+fwJ2cfupI2aL7qFnM/CKXa3dNW+noPOJB3hy2sE9jBF0NyRYEl1:7Ow0cWpIrLee/PK3dBPxh8E9VF0Ny601
                                                                                                                                                                              MD5:1209694D14077763B5827B682BFB806D
                                                                                                                                                                              SHA1:BFBA89AFA036613C6FD7F202FB0C9817E306B80D
                                                                                                                                                                              SHA-256:674C4F6FBAF82BD7BAD3F196279A2A77F196169724403554EF32611F72C1F8A8
                                                                                                                                                                              SHA-512:8F4A9457D5906A028430CE53740FBAD5A31A2870CE2F5ED263995F01C782B07BD4DE9556CE5FCB645FDDFC2147DBAB255C48A7AFCFC73470B17CAA0C56E5AFEE
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Xu9H9.jH9.jH9.j.K.kG9.jH9.jx9.j.E.kM9.j.E.kI9.j.E.jI9.jH9.jI9.j.E.kI9.jRichH9.j................PE..L...=~.c.........."!..."............@........ ...............................`......J.....@.........................P".......$.......@..h................#...P..\....!..p............................................ ..X............................text...)........................... ..`.rdata..X.... ......................@..@.data........0......................@....rsrc...h....@......................@..@.reloc..\....P......................@..B........................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7256\removico

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):15086
                                                                                                                                                                              Entropy (8bit):3.8375433162027344
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:96:+SqmR4fTBOTPsbZX78rXSEUFJVkKuCWGDiPlBaBR6J/g/ic9teKUwj11FQ:+SqmiTXZLPjkKuCNU7wic6PR
                                                                                                                                                                              MD5:1FFFE5C3CC990D0C012A428A59B2AE46
                                                                                                                                                                              SHA1:FAE8042826087D9BB4CD4194E7453D56A773EA64
                                                                                                                                                                              SHA-256:45791627AE8E67E6B616117CF21F04DA381722FAF08D07C0C25E0F28C9B8F82B
                                                                                                                                                                              SHA-512:694D63747AD129CA06EBD743E4090642E557F2260C62AA625321BC309C1E2E58D9BFFF1E0AEE37EFFE5FD4628938AD89B659C9ABB43FDC2CF2285212C1A209F2
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:......00.... ..%..6... .... ......%........ .h....6..(...0...`..... ......%.............................................................................................................................................................................................................................................................................................@..z......u..m..d..c..m..z..........`...%..............................................................................................................................l....g..c..c..c..c..c..c..c..c..c..c..c..c..c..c..x.......-.......................................................................................................=...g..c..c..c..c..c..c..c..c..c..c..c..c..c..c..c..c..c..c..c..c.......F.............................................................................................c..c..c..c..c..c..c..c..c..c..c..c..c..c..c..c..c..c..c..c..c..c..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7256\repairic

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):15086
                                                                                                                                                                              Entropy (8bit):3.5353892544389707
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:96:+7mrhLDFPIc+Q0VDnSOVKaZ8y4mV4pZeJh:+OhHFPvJurSV24mVb
                                                                                                                                                                              MD5:915E40A576FA41DC5F8486103341673E
                                                                                                                                                                              SHA1:528CF57F3775638E721C20A6988DBD322FB39273
                                                                                                                                                                              SHA-256:BF21B2BC3E7253968405F3D244CDB1C136672A5BDB088B524A333264898A2D11
                                                                                                                                                                              SHA-512:66385B58942BAF62B6B33AB646EA981D4A6682F8570B7DF4EFA1A7F4536CB35FE065803314877E95338B8DFB9A854E06A110BD0C2A2D3CE3A7C587E35006649E
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:......00.... ..%..6... .... ......%........ .h....6..(...0...`..... ......%....................................................................................................................................................................................................................................................................................................x...t..f..f..t.....x...".......................................................................................................................................................d................................d..............................................................................................6bbb.III.III.iii................................N.k................................................j....Z...............................................................................+RRR.III.III.III.III.TTT....(..................o.d..........................................................d...s......

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7256\tabback

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PC bitmap, Windows 3.x format, 1 x 200 x 24, cbSize 854, bits offset 54
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):854
                                                                                                                                                                              Entropy (8bit):3.802531598764924
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:24:kUGGGGGGGGjg/QUVdLbCKKKKKKWqqqqqqr:kGUVdnCKKKKKKWqqqqqqr
                                                                                                                                                                              MD5:4C3DDA35E23D44E273D82F7F4C38470A
                                                                                                                                                                              SHA1:B62BC59F3EED29D3509C7908DA72041BD9495178
                                                                                                                                                                              SHA-256:E728F79439E07DF1AFBCF03E8788FA0B8B08CF459DB31FC8568BC511BF799537
                                                                                                                                                                              SHA-512:AB27A59ECCDCAAB420B6E498F43FDFE857645E5DA8E88D3CFD0E12FE96B3BB8A5285515688C7EEC838BBE6C2A40EA7742A9763CF5438D740756905515D9B0CC5
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:BMV.......6...(.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7256\viewer.exe

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):430480
                                                                                                                                                                              Entropy (8bit):6.6113343031040746
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12288:R8kYiMPKkC27Epq0nYfToC2vHx+PsJUzAiGjUVFF:R8kPMPo27Epq0n8ToDR+uyGjUvF
                                                                                                                                                                              MD5:ED15DDCBFE73B0A2D1E74720BEBE6A29
                                                                                                                                                                              SHA1:4364CA665C0B54C6A4FA651026F8DA7CE7429E5B
                                                                                                                                                                              SHA-256:3BF05A7F4A18DC7A17E876D542510255DE9408D5295EB900AA3417BE671434D0
                                                                                                                                                                              SHA-512:525A2CC0ECF7DFF4DC67157A096D03734FEA951359C2F296AD9240EB13E1DE197F8FF5C36BCAE9C2FDAC7363B3BE5586A0F1517D1B3D675B54907CBBF4D982AA
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........L............2.......2...O...........................2.......2.......2...........+... ....... .........|..... .......Rich............................PE..L....~.c.........."...."............-r............@......................................@.................................4........P...............d...-...`...9......p...................@..........@...............@............................text............................... ..`.rdata.. O.......P..................@..@.data....7..........................@....rsrc........P......................@..@.reloc...9...`...:...*..............@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\AiFilesRemoveImpers_AFBC5F3E_A4BA_45F5_AD51_E866312F779E.bak

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):89
                                                                                                                                                                              Entropy (8bit):1.518622607788485
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:/lL+XlaJl5lvt+XlKl5lkn:o1313n
                                                                                                                                                                              MD5:6F3C76DA7405563DE2A122209ADAEEC8
                                                                                                                                                                              SHA1:552B61ED12BC40967ED7F66C95D31985116C4A0D
                                                                                                                                                                              SHA-256:EE2B960AFA4E2D88096363CA64FA670B8EE8793687A2C1E0F5C2C3B569227990
                                                                                                                                                                              SHA-512:641C783FFF042DBCC82CEB4F39446F79278D2A0AC2FE826528951BB955DB90591B70FB39903E25C401F584687D3EB9858E566BC87C7827FDD78DEE9AE529BB7F
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:........C.:.\...........................C.:.\.....D.:.\...........................D.:.\..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\AiFilesRemoveNoImpers_AFBC5F3E_A4BA_45F5_AD51_E866312F779E.bak

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):89
                                                                                                                                                                              Entropy (8bit):1.518622607788485
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:/lL+XlaJl5lvt+XlKl5lkn:o1313n
                                                                                                                                                                              MD5:6F3C76DA7405563DE2A122209ADAEEC8
                                                                                                                                                                              SHA1:552B61ED12BC40967ED7F66C95D31985116C4A0D
                                                                                                                                                                              SHA-256:EE2B960AFA4E2D88096363CA64FA670B8EE8793687A2C1E0F5C2C3B569227990
                                                                                                                                                                              SHA-512:641C783FFF042DBCC82CEB4F39446F79278D2A0AC2FE826528951BB955DB90591B70FB39903E25C401F584687D3EB9858E566BC87C7827FDD78DEE9AE529BB7F
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:........C.:.\...........................C.:.\.....D.:.\...........................D.:.\..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\MSIBCBD.tmp

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):570784
                                                                                                                                                                              Entropy (8bit):6.45015034296188
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6144:j+Sud3L4YgAc8wjVMeKRtGnm3CCRloVywX9gDAOJVafv5khoJQCmR+:j+SuPgAc8+MjGCCslegDTwX5/OCmR+
                                                                                                                                                                              MD5:2C9C51AC508570303C6D46C0571EA3A1
                                                                                                                                                                              SHA1:E3E0FE08FA11A43C8BCA533F212BDF0704C726D5
                                                                                                                                                                              SHA-256:FF86C76A8D5846B3A1AD58FF2FD8E5A06A84EB5899CDEE98E59C548D33335550
                                                                                                                                                                              SHA-512:DF5F1DEF5AAC44F39A2DFDE9C6C73F15F83A7374B4AD42B67E425CCB7AC99A64C5701B676AE46D2F7167A04A955158031A839E7878D100AAF8FAB0CE2059F127
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......&r.gb..4b..4b..4.a.5o..4.a.5...4-o.5s..4-o.5z..4-o.5(..4.a.5{..4.a.5c..4.a.5E..4b..4...4.o.5...4.o.5c..4.ou4c..4b..4c..4.o.5c..4Richb..4................PE..L....}.c.........."!..."..................................................................@.....................................,....`...................#...p...b..8Y..p....................Y......xX..@...............<............................text...6........................... ..`.rdata..X...........................@..@.data...."...0......................@....rsrc........`.......&..............@..@.reloc...b...p...d..................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\MSIBD3B.tmp

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1101216
                                                                                                                                                                              Entropy (8bit):6.479817481500629
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:24576:f/MVN/SFo2Cit/I0Rn0rItmncIQy4t0VM+6RRO9qZFTvqPvO6Ezvs5lh:Mv0Rn0rItYcuwwERO9qZFTvqPvO6Ezv8
                                                                                                                                                                              MD5:7768D9D4634BF3DC159CEBB6F3EA4718
                                                                                                                                                                              SHA1:A297E0E4DD61EE8F5E88916AF1EE6596CD216F26
                                                                                                                                                                              SHA-256:745DE246181EB58F48224E6433C810FFBAA67FBA330C616F03A7361FB1EDB121
                                                                                                                                                                              SHA-512:985BBF38667609F6A422A22AF34D9382AE4112E7995F87B6053A683A0AAA647E17BA70A7A83B5E1309F201FC12A53DB3C13FFD2B0FAD44C1374FFF6F07059CBF
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......!...e...e...e......h.........*...t...*...}...*...6......|......z...e...K......_......d....%.d...e.M.d......d...Riche...................PE..L....~.c.........."!...".:...........B.......P......................................9.....@.............................t...4............................#.......:......p...................@...........@............P...............................text...>9.......:.................. ..`.rdata...L...P...N...>..............@..@.data...X...........................@....rsrc................h..............@..@.reloc...:.......<...n..............@..B........................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\MSIBDF8.tmp

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):570784
                                                                                                                                                                              Entropy (8bit):6.45015034296188
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6144:j+Sud3L4YgAc8wjVMeKRtGnm3CCRloVywX9gDAOJVafv5khoJQCmR+:j+SuPgAc8+MjGCCslegDTwX5/OCmR+
                                                                                                                                                                              MD5:2C9C51AC508570303C6D46C0571EA3A1
                                                                                                                                                                              SHA1:E3E0FE08FA11A43C8BCA533F212BDF0704C726D5
                                                                                                                                                                              SHA-256:FF86C76A8D5846B3A1AD58FF2FD8E5A06A84EB5899CDEE98E59C548D33335550
                                                                                                                                                                              SHA-512:DF5F1DEF5AAC44F39A2DFDE9C6C73F15F83A7374B4AD42B67E425CCB7AC99A64C5701B676AE46D2F7167A04A955158031A839E7878D100AAF8FAB0CE2059F127
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......&r.gb..4b..4b..4.a.5o..4.a.5...4-o.5s..4-o.5z..4-o.5(..4.a.5{..4.a.5c..4.a.5E..4b..4...4.o.5...4.o.5c..4.ou4c..4b..4c..4.o.5c..4Richb..4................PE..L....}.c.........."!..."..................................................................@.....................................,....`...................#...p...b..8Y..p....................Y......xX..@...............<............................text...6........................... ..`.rdata..X...........................@..@.data...."...0......................@....rsrc........`.......&..............@..@.reloc...b...p...d..................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\MSIBE18.tmp

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):570784
                                                                                                                                                                              Entropy (8bit):6.45015034296188
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6144:j+Sud3L4YgAc8wjVMeKRtGnm3CCRloVywX9gDAOJVafv5khoJQCmR+:j+SuPgAc8+MjGCCslegDTwX5/OCmR+
                                                                                                                                                                              MD5:2C9C51AC508570303C6D46C0571EA3A1
                                                                                                                                                                              SHA1:E3E0FE08FA11A43C8BCA533F212BDF0704C726D5
                                                                                                                                                                              SHA-256:FF86C76A8D5846B3A1AD58FF2FD8E5A06A84EB5899CDEE98E59C548D33335550
                                                                                                                                                                              SHA-512:DF5F1DEF5AAC44F39A2DFDE9C6C73F15F83A7374B4AD42B67E425CCB7AC99A64C5701B676AE46D2F7167A04A955158031A839E7878D100AAF8FAB0CE2059F127
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......&r.gb..4b..4b..4.a.5o..4.a.5...4-o.5s..4-o.5z..4-o.5(..4.a.5{..4.a.5c..4.a.5E..4b..4...4.o.5...4.o.5c..4.ou4c..4b..4c..4.o.5c..4Richb..4................PE..L....}.c.........."!..."..................................................................@.....................................,....`...................#...p...b..8Y..p....................Y......xX..@...............<............................text...6........................... ..`.rdata..X...........................@..@.data...."...0......................@....rsrc........`.......&..............@..@.reloc...b...p...d..................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\MSIBE48.tmp

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):570784
                                                                                                                                                                              Entropy (8bit):6.45015034296188
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6144:j+Sud3L4YgAc8wjVMeKRtGnm3CCRloVywX9gDAOJVafv5khoJQCmR+:j+SuPgAc8+MjGCCslegDTwX5/OCmR+
                                                                                                                                                                              MD5:2C9C51AC508570303C6D46C0571EA3A1
                                                                                                                                                                              SHA1:E3E0FE08FA11A43C8BCA533F212BDF0704C726D5
                                                                                                                                                                              SHA-256:FF86C76A8D5846B3A1AD58FF2FD8E5A06A84EB5899CDEE98E59C548D33335550
                                                                                                                                                                              SHA-512:DF5F1DEF5AAC44F39A2DFDE9C6C73F15F83A7374B4AD42B67E425CCB7AC99A64C5701B676AE46D2F7167A04A955158031A839E7878D100AAF8FAB0CE2059F127
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......&r.gb..4b..4b..4.a.5o..4.a.5...4-o.5s..4-o.5z..4-o.5(..4.a.5{..4.a.5c..4.a.5E..4b..4...4.o.5...4.o.5c..4.ou4c..4b..4c..4.o.5c..4Richb..4................PE..L....}.c.........."!..."..................................................................@.....................................,....`...................#...p...b..8Y..p....................Y......xX..@...............<............................text...6........................... ..`.rdata..X...........................@..@.data...."...0......................@....rsrc........`.......&..............@..@.reloc...b...p...d..................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\MSIBE68.tmp

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):570784
                                                                                                                                                                              Entropy (8bit):6.45015034296188
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6144:j+Sud3L4YgAc8wjVMeKRtGnm3CCRloVywX9gDAOJVafv5khoJQCmR+:j+SuPgAc8+MjGCCslegDTwX5/OCmR+
                                                                                                                                                                              MD5:2C9C51AC508570303C6D46C0571EA3A1
                                                                                                                                                                              SHA1:E3E0FE08FA11A43C8BCA533F212BDF0704C726D5
                                                                                                                                                                              SHA-256:FF86C76A8D5846B3A1AD58FF2FD8E5A06A84EB5899CDEE98E59C548D33335550
                                                                                                                                                                              SHA-512:DF5F1DEF5AAC44F39A2DFDE9C6C73F15F83A7374B4AD42B67E425CCB7AC99A64C5701B676AE46D2F7167A04A955158031A839E7878D100AAF8FAB0CE2059F127
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......&r.gb..4b..4b..4.a.5o..4.a.5...4-o.5s..4-o.5z..4-o.5(..4.a.5{..4.a.5c..4.a.5E..4b..4...4.o.5...4.o.5c..4.ou4c..4b..4c..4.o.5c..4Richb..4................PE..L....}.c.........."!..."..................................................................@.....................................,....`...................#...p...b..8Y..p....................Y......xX..@...............<............................text...6........................... ..`.rdata..X...........................@..@.data...."...0......................@....rsrc........`.......&..............@..@.reloc...b...p...d..................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\MSIBF24.tmp

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1101216
                                                                                                                                                                              Entropy (8bit):6.479817481500629
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:24576:f/MVN/SFo2Cit/I0Rn0rItmncIQy4t0VM+6RRO9qZFTvqPvO6Ezvs5lh:Mv0Rn0rItYcuwwERO9qZFTvqPvO6Ezv8
                                                                                                                                                                              MD5:7768D9D4634BF3DC159CEBB6F3EA4718
                                                                                                                                                                              SHA1:A297E0E4DD61EE8F5E88916AF1EE6596CD216F26
                                                                                                                                                                              SHA-256:745DE246181EB58F48224E6433C810FFBAA67FBA330C616F03A7361FB1EDB121
                                                                                                                                                                              SHA-512:985BBF38667609F6A422A22AF34D9382AE4112E7995F87B6053A683A0AAA647E17BA70A7A83B5E1309F201FC12A53DB3C13FFD2B0FAD44C1374FFF6F07059CBF
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......!...e...e...e......h.........*...t...*...}...*...6......|......z...e...K......_......d....%.d...e.M.d......d...Riche...................PE..L....~.c.........."!...".:...........B.......P......................................9.....@.............................t...4............................#.......:......p...................@...........@............P...............................text...>9.......:.................. ..`.rdata...L...P...N...>..............@..@.data...X...........................@....rsrc................h..............@..@.reloc...:.......<...n..............@..B........................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\MSIBF54.tmp

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):722336
                                                                                                                                                                              Entropy (8bit):6.433493638608556
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12288:xDCGkZjiIiS4fZrmrRahiyN+bqpoMU0Z/4CwwEjD4JyVzIXy9e550L96RgO5uh:x7kZVI+ep5U2fvEjD4wzIXP50L96RX5u
                                                                                                                                                                              MD5:E361F7BFAAC80FF5BAC709905D6B1A16
                                                                                                                                                                              SHA1:724D294983509FD37CF282403E25F26890FBFC8F
                                                                                                                                                                              SHA-256:44CFE8ECE8A14C06BC0C953176680623E802769B921F39B86647B541EF1EB06D
                                                                                                                                                                              SHA-512:47B7D7BEB22484B67F05A3DBF28F78E3C55F1FF07204EAC613E6912F82C713E4E8622D5F40A6A04731F6A9E0E5AB15E05B132493A4B06F882532A470A4BDDEDF
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......m..D)...)...).......$...........f...8...f...1.......0...f...t.......(.......>...)...F.......a.......(.....*.(...).B.(.......(...Rich)...........................PE..L...S~.c.........."!..."..................................................... ............@.........................@M......\N..........h................#.......o..8@..p....................@..........@....................K..@....................text...|........................... ..`.rdata..Bb.......d..................@..@.data....'...p.......V..............@....rsrc...h............l..............@..@.reloc...o.......p...r..............@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\MSIBFA3.tmp

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):570784
                                                                                                                                                                              Entropy (8bit):6.45015034296188
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6144:j+Sud3L4YgAc8wjVMeKRtGnm3CCRloVywX9gDAOJVafv5khoJQCmR+:j+SuPgAc8+MjGCCslegDTwX5/OCmR+
                                                                                                                                                                              MD5:2C9C51AC508570303C6D46C0571EA3A1
                                                                                                                                                                              SHA1:E3E0FE08FA11A43C8BCA533F212BDF0704C726D5
                                                                                                                                                                              SHA-256:FF86C76A8D5846B3A1AD58FF2FD8E5A06A84EB5899CDEE98E59C548D33335550
                                                                                                                                                                              SHA-512:DF5F1DEF5AAC44F39A2DFDE9C6C73F15F83A7374B4AD42B67E425CCB7AC99A64C5701B676AE46D2F7167A04A955158031A839E7878D100AAF8FAB0CE2059F127
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......&r.gb..4b..4b..4.a.5o..4.a.5...4-o.5s..4-o.5z..4-o.5(..4.a.5{..4.a.5c..4.a.5E..4b..4...4.o.5...4.o.5c..4.ou4c..4b..4c..4.o.5c..4Richb..4................PE..L....}.c.........."!..."..................................................................@.....................................,....`...................#...p...b..8Y..p....................Y......xX..@...............<............................text...6........................... ..`.rdata..X...........................@..@.data...."...0......................@....rsrc........`.......&..............@..@.reloc...b...p...d..................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\MSIBFF3.tmp

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):570784
                                                                                                                                                                              Entropy (8bit):6.45015034296188
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6144:j+Sud3L4YgAc8wjVMeKRtGnm3CCRloVywX9gDAOJVafv5khoJQCmR+:j+SuPgAc8+MjGCCslegDTwX5/OCmR+
                                                                                                                                                                              MD5:2C9C51AC508570303C6D46C0571EA3A1
                                                                                                                                                                              SHA1:E3E0FE08FA11A43C8BCA533F212BDF0704C726D5
                                                                                                                                                                              SHA-256:FF86C76A8D5846B3A1AD58FF2FD8E5A06A84EB5899CDEE98E59C548D33335550
                                                                                                                                                                              SHA-512:DF5F1DEF5AAC44F39A2DFDE9C6C73F15F83A7374B4AD42B67E425CCB7AC99A64C5701B676AE46D2F7167A04A955158031A839E7878D100AAF8FAB0CE2059F127
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......&r.gb..4b..4b..4.a.5o..4.a.5...4-o.5s..4-o.5z..4-o.5(..4.a.5{..4.a.5c..4.a.5E..4b..4...4.o.5...4.o.5c..4.ou4c..4b..4c..4.o.5c..4Richb..4................PE..L....}.c.........."!..."..................................................................@.....................................,....`...................#...p...b..8Y..p....................Y......xX..@...............<............................text...6........................... ..`.rdata..X...........................@..@.data...."...0......................@....rsrc........`.......&..............@..@.reloc...b...p...d..................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\MSIC1E8.tmp

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):570784
                                                                                                                                                                              Entropy (8bit):6.45015034296188
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6144:j+Sud3L4YgAc8wjVMeKRtGnm3CCRloVywX9gDAOJVafv5khoJQCmR+:j+SuPgAc8+MjGCCslegDTwX5/OCmR+
                                                                                                                                                                              MD5:2C9C51AC508570303C6D46C0571EA3A1
                                                                                                                                                                              SHA1:E3E0FE08FA11A43C8BCA533F212BDF0704C726D5
                                                                                                                                                                              SHA-256:FF86C76A8D5846B3A1AD58FF2FD8E5A06A84EB5899CDEE98E59C548D33335550
                                                                                                                                                                              SHA-512:DF5F1DEF5AAC44F39A2DFDE9C6C73F15F83A7374B4AD42B67E425CCB7AC99A64C5701B676AE46D2F7167A04A955158031A839E7878D100AAF8FAB0CE2059F127
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......&r.gb..4b..4b..4.a.5o..4.a.5...4-o.5s..4-o.5z..4-o.5(..4.a.5{..4.a.5c..4.a.5E..4b..4...4.o.5...4.o.5c..4.ou4c..4b..4c..4.o.5c..4Richb..4................PE..L....}.c.........."!..."..................................................................@.....................................,....`...................#...p...b..8Y..p....................Y......xX..@...............<............................text...6........................... ..`.rdata..X...........................@..@.data...."...0......................@....rsrc........`.......&..............@..@.reloc...b...p...d..................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\MSIF6C.tmp

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):570784
                                                                                                                                                                              Entropy (8bit):6.45015034296188
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6144:j+Sud3L4YgAc8wjVMeKRtGnm3CCRloVywX9gDAOJVafv5khoJQCmR+:j+SuPgAc8+MjGCCslegDTwX5/OCmR+
                                                                                                                                                                              MD5:2C9C51AC508570303C6D46C0571EA3A1
                                                                                                                                                                              SHA1:E3E0FE08FA11A43C8BCA533F212BDF0704C726D5
                                                                                                                                                                              SHA-256:FF86C76A8D5846B3A1AD58FF2FD8E5A06A84EB5899CDEE98E59C548D33335550
                                                                                                                                                                              SHA-512:DF5F1DEF5AAC44F39A2DFDE9C6C73F15F83A7374B4AD42B67E425CCB7AC99A64C5701B676AE46D2F7167A04A955158031A839E7878D100AAF8FAB0CE2059F127
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......&r.gb..4b..4b..4.a.5o..4.a.5...4-o.5s..4-o.5z..4-o.5(..4.a.5{..4.a.5c..4.a.5E..4b..4...4.o.5...4.o.5c..4.ou4c..4b..4c..4.o.5c..4Richb..4................PE..L....}.c.........."!..."..................................................................@.....................................,....`...................#...p...b..8Y..p....................Y......xX..@...............<............................text...6........................... ..`.rdata..X...........................@..@.data...."...0......................@....rsrc........`.......&..............@..@.reloc...b...p...d..................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\MSIF9C.tmp

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):570784
                                                                                                                                                                              Entropy (8bit):6.45015034296188
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6144:j+Sud3L4YgAc8wjVMeKRtGnm3CCRloVywX9gDAOJVafv5khoJQCmR+:j+SuPgAc8+MjGCCslegDTwX5/OCmR+
                                                                                                                                                                              MD5:2C9C51AC508570303C6D46C0571EA3A1
                                                                                                                                                                              SHA1:E3E0FE08FA11A43C8BCA533F212BDF0704C726D5
                                                                                                                                                                              SHA-256:FF86C76A8D5846B3A1AD58FF2FD8E5A06A84EB5899CDEE98E59C548D33335550
                                                                                                                                                                              SHA-512:DF5F1DEF5AAC44F39A2DFDE9C6C73F15F83A7374B4AD42B67E425CCB7AC99A64C5701B676AE46D2F7167A04A955158031A839E7878D100AAF8FAB0CE2059F127
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......&r.gb..4b..4b..4.a.5o..4.a.5...4-o.5s..4-o.5z..4-o.5(..4.a.5{..4.a.5c..4.a.5E..4b..4...4.o.5...4.o.5c..4.ou4c..4b..4c..4.o.5c..4Richb..4................PE..L....}.c.........."!..."..................................................................@.....................................,....`...................#...p...b..8Y..p....................Y......xX..@...............<............................text...6........................... ..`.rdata..X...........................@..@.data...."...0......................@....rsrc........`.......&..............@..@.reloc...b...p...d..................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\PCPrivacyShield.Util.Browser.Chrome.?????????????????????????????????????????.tmp

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe
                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):28672
                                                                                                                                                                              Entropy (8bit):2.5793180405395284
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                                                              MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                                                              SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                                                              SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                                                              SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\PCPrivacyShield.Util.Browser.Edge.?????????????????????????????????????????.tmp

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe
                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):126976
                                                                                                                                                                              Entropy (8bit):0.47147045728725767
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                              MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                              SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                              SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                              SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\PCPrivacyShield.Util.Browser.Firefox.?????????????????????????????????????????.tmp

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe
                                                                                                                                                                              File Type:SQLite 3.x database, user version 75, last written using SQLite version 3018000, page size 32768, writer version 2, read version 2, file counter 1, database pages 46, cookie 0x1, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1507328
                                                                                                                                                                              Entropy (8bit):0.11741499211540048
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:j8rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHIE:j8r54w0VW3xWZWdOBQFal3dQn
                                                                                                                                                                              MD5:34923491A5EAF7AC256FD4B69CD4D423
                                                                                                                                                                              SHA1:71136E1ABE25C7CA2B1F75ADD208E5C5D8608623
                                                                                                                                                                              SHA-256:B5EB48D0DBDE025776ED31A203925C625FFBC960405FEAD72A2806586F84E98E
                                                                                                                                                                              SHA-512:6FF98F26BBE2EC7DD24E832FC3ED2D7490A4A659DFD62336447FB992935ACE01EA6F1C627AC7CB1588A1E0D676199D4AF480A01991E103BC4082DB980265658A
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:SQLite format 3......@ .......................................K........................................-a>.~...|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\PCPrivacyShield.Util.Browser.Firefox.?????????????????????????????????????????.tmp-journal

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe
                                                                                                                                                                              File Type:SQLite Rollback Journal
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):512
                                                                                                                                                                              Entropy (8bit):0.28499812076190567
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:7FEG2l/SR1ltl:7+/l/w
                                                                                                                                                                              MD5:36BC9F4785C6937F2D7F06CE9A319EB4
                                                                                                                                                                              SHA1:C8BA50651A5516E7BEAF1A97F8622FFB9C5DED79
                                                                                                                                                                              SHA-256:54CF6727E124FE63F5FD06E69F674275D32670C1EAD8D6EBCC0636ECBF384632
                                                                                                                                                                              SHA-512:38223D3A88F5913AB9D692ED30677BCB75F92C67CFE9140F571579F7945A18D672518780408A6BD9E2D4C7172EDB724992AEF3475A0E47DEE2EBB558B401D602
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:.... .c.......}<................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\PCPrivacyShield.Util.Browser.Firefox.?????????????????????????????????????????.tmp-shm

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):32768
                                                                                                                                                                              Entropy (8bit):0.017262956703125623
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                              MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                              SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                              SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                              SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\cookies.sqlite

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe
                                                                                                                                                                              File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):98304
                                                                                                                                                                              Entropy (8bit):0.08235737944063153
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                                                              MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                                                              SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                                                              SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                                                              SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\cookies.sqlite-shm

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):32768
                                                                                                                                                                              Entropy (8bit):0.017262956703125623
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                              MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                              SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                              SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                              SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\shiBC20.tmp

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):5038592
                                                                                                                                                                              Entropy (8bit):6.043058205786219
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:49152:vVkDvLSkqdbEsuV+ebMh8w+/H8pF/bmlEyGjWvcP1xQ+X7TqVAMPLfQyim8kznsY:2Ll+Mn0WHl9VA2ic/
                                                                                                                                                                              MD5:11F7419009AF2874C4B0E4505D185D79
                                                                                                                                                                              SHA1:451D8D0470CEDB268619BA1E7AE78ADAE0EBA692
                                                                                                                                                                              SHA-256:AC24CCE72F82C3EBBE9E7E9B80004163B9EED54D30467ECE6157EE4061BEAC95
                                                                                                                                                                              SHA-512:1EABBBFDF579A93BBB055B973AA3321FC8DC8DA1A36FDE2BA9A4D58E5751DC106A4A1BBC4AD1F425C082702D6FBB821AA1078BC5ADC6B2AD1B5CE12A68058805
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......e.D!...!...!...(.V.C...5..."...5...&...5...)...!......5...:...5... ...5...R...5.:. ...5... ...Rich!...................PE..d...p............." .........D...............................................`M.....'.M...`A........................................@.H.L&....I......@K.H.....I..............@M.....`J:.p.......................(....%..............@.......$.H......................text...4B.......D.................. ..`.wpp_sf.....`.......H.............. ..`.rdata...L*......N*.................@..@.data...hD...PI......*I.............@....pdata........I......2I.............@..@.didat.......0K.......J.............@....rsrc...H....@K.......J.............@..@.reloc.......@M.. ....L.............@..B........................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\shiD063.tmp

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):5038592
                                                                                                                                                                              Entropy (8bit):6.043058205786219
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:49152:vVkDvLSkqdbEsuV+ebMh8w+/H8pF/bmlEyGjWvcP1xQ+X7TqVAMPLfQyim8kznsY:2Ll+Mn0WHl9VA2ic/
                                                                                                                                                                              MD5:11F7419009AF2874C4B0E4505D185D79
                                                                                                                                                                              SHA1:451D8D0470CEDB268619BA1E7AE78ADAE0EBA692
                                                                                                                                                                              SHA-256:AC24CCE72F82C3EBBE9E7E9B80004163B9EED54D30467ECE6157EE4061BEAC95
                                                                                                                                                                              SHA-512:1EABBBFDF579A93BBB055B973AA3321FC8DC8DA1A36FDE2BA9A4D58E5751DC106A4A1BBC4AD1F425C082702D6FBB821AA1078BC5ADC6B2AD1B5CE12A68058805
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......e.D!...!...!...(.V.C...5..."...5...&...5...)...!......5...:...5... ...5...R...5.:. ...5... ...Rich!...................PE..d...p............." .........D...............................................`M.....'.M...`A........................................@.H.L&....I......@K.H.....I..............@M.....`J:.p.......................(....%..............@.......$.H......................text...4B.......D.................. ..`.wpp_sf.....`.......H.............. ..`.rdata...L*......N*.................@..@.data...hD...PI......*I.............@....pdata........I......2I.............@..@.didat.......0K.......J.............@....rsrc...H....@K.......J.............@..@.reloc.......@M.. ....L.............@..B........................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Local\computerid

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files (x86)\PC Privacy Shield\InstAct.exe
                                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):48
                                                                                                                                                                              Entropy (8bit):4.918295834054491
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:3iVUIpsPLx/n1k61VDQngjEfn:3i+IA/26Igju
                                                                                                                                                                              MD5:89282F8E08C335EB63CADD2F49B7E066
                                                                                                                                                                              SHA1:F709B5C9FAF5042599205747DF788F129C79FF82
                                                                                                                                                                              SHA-256:214CF3E0EB88F4B324DB7AF97E8AD716C77EB4481BE954F3C00BF52396AA0AFC
                                                                                                                                                                              SHA-512:113154662ABB881ED6A5B0A39BD44AFDF4296721087CF92C2D17F2BBF83A93A6DE26AF610A1BD4C44114BA3E1A5DE95329A0052A0F052839B98B4442F2621E53
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:EAAAANp1mLbpiQ5pY/8nTbzBPXcpuPg3ig5KhNHwEVH0aUdC

                                                                                                                                                                              C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):32768
                                                                                                                                                                              Entropy (8bit):0.017262956703125623
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                              MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                              SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                              SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                              SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\Armt.exe

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):62864
                                                                                                                                                                              Entropy (8bit):6.807759537976002
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:768:Q1sVkIaVq2i5z552XRoKbq0xbbll1IFQKGiUWXLoMGHphPIFiU+u+vNZvnAMxkEp:Q+WKhz5gmmpeFpzHLzvt+u+v/vHxN
                                                                                                                                                                              MD5:F669441971B6F7F145771B7591BE0980
                                                                                                                                                                              SHA1:51761F3B2F7514A1FDC31B3352C1670A92B55948
                                                                                                                                                                              SHA-256:C1FEA02E8E52119CED40D08A856908F346B631B26B1AC95C51C8FF46C0CD60C1
                                                                                                                                                                              SHA-512:465320750F42C3F0AA62B47DFEC475E51C9EE9C66799002B6FCD26394B4E0C0E81F58BEEF2B0FD0ACC5569BB549D8853424333BEC2048ABBE00466578CB25703
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....6;..........."...0..v...N.......@....... ....@.. .......................`......Q2....`.................................x...S........................-... .......................................................@..................H...........n.I7.-.I.D... ...F..................@....text...xr.......t...J.............. ..`.rsrc...............................@..@.reloc....... ......................@..B.............@...................... ..`........................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\Armt.exe.config

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):186
                                                                                                                                                                              Entropy (8bit):4.942919098144707
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:vFWWMNHU8LdgCQcIMOofMuQVQDURAmIRMNHjFHr0lUfEyhTRGfFvREBAW4QIMOov:TMVBd1IGMfVJ7VJdfEyFRmJuAW4QIm
                                                                                                                                                                              MD5:B51C130A957051BA9FB2245BF76FB6F6
                                                                                                                                                                              SHA1:42181E5745DAAB2A0E8CF87693142828306F9BDA
                                                                                                                                                                              SHA-256:7921098E47E894412FDFD0CAFE0F88CC68497740998EAC17C68C00129069D803
                                                                                                                                                                              SHA-512:FA2AC3EFF5D51AEA7ACC9CF6AA018A77FAE295D55C5BF808C9D7048C801BAF4626568F00FB001A9F2780C46DCE294482CFEB3045AABE139DDC557C0D3BC11640
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup> .. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.7.2"/>.. </startup>..</configuration>..

                                                                                                                                                                              C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\BouncyCastle.Crypto.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):2542992
                                                                                                                                                                              Entropy (8bit):5.82573983822512
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:49152:T4/4hyBYKMD+SNfXCwJtezvOd0HSC3souk1b3o:EMD+SNfCWtws
                                                                                                                                                                              MD5:038CCD987FA6A35E08D43E03764BF4E2
                                                                                                                                                                              SHA1:D7DDDC8A1C2B90DEAC2CE91D8E41A83F90EA2735
                                                                                                                                                                              SHA-256:623D7C005753177930374D649C33742A8BE69EAC391AF5764CF33048E87385F6
                                                                                                                                                                              SHA-512:8FB2CF0943591BE8C89CCE3BCDB0D1250A26B2E0666B5B91ED7B0FADBC5CF6A014C4CAEFE43088C97DA98EB54E23029F322CC4E09E74F7CA267A7C0BA3DF3CE2
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....S\...........!.....p&.. ........&.. ....&...@.. ........................&.....0t'.....................................D.&.W.....&.`.............&..-....&...................................................... ............... ..H............text....d&.. ...p&................. ..`.rsrc...`.....&.......&.............@..@.reloc........&.......&.............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\Bsm.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):24976
                                                                                                                                                                              Entropy (8bit):6.750532114373355
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:384:RNx6m40QSiO3j9xzckxyYQfUWGjkpwK36ws8AM+o/8E9VF0NymHk:P0mxQShj9FzyYdP38AMxkEF
                                                                                                                                                                              MD5:07363CD395A7B7E1896D7CB5391132C5
                                                                                                                                                                              SHA1:662C89FD482E83681DD1F8DDB2AE507315F62F3D
                                                                                                                                                                              SHA-256:94B28E1AC1E1467981226FDC36D894778C4B98F39285EE9005732B15666DEE61
                                                                                                                                                                              SHA-512:E44243AE7C5F820D51DF72286EF3FA56AEA06F1B4C1E929533ED6D642F6180743E72E0C43DE8482674BAE59B3EC26C376AE730B7AA97F0C5D5FA84179EB618C7
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...fr.............!..0..,...........K... ...`....... ...................................@.................................xK..O....`...............4...-..........\K............................................... ............... ..H............text....+... ...,.................. ..`.rsrc........`......................@..@.reloc...............2..............@..B.................K......H........)..X"..........................................................z..}......}......}.......}....*...o.....Z.}......{.....X.}......(....}....*^.{....(.....~....}....*2.{....(....*.0..|.......r...p.(....%.is..... ....s.........+4......o......... ....(....&..o....(......o.......X......i2.....o.....Yo....r5..po.....*.0..9.......r...p......o.....(....-....\.o....o.....Xo.......(....*.*....0..........s......o ....+v..(!....(.......("...o......+;...("......o......o#...,"...($.

                                                                                                                                                                              C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\CaByp.CA.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):2501232
                                                                                                                                                                              Entropy (8bit):7.931852713018163
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:49152:PMY7+fqtne3fIkZrP3Hyv+pd248eN3mn9LNhSJfmxoJ/iY9CSbCdfJzjAs:PD7QUne3AUj3w+724QZhIeoJqmbC/d
                                                                                                                                                                              MD5:3F0505139F9AE1BF6FDD30CC73B62728
                                                                                                                                                                              SHA1:A69EFC6A9C0B7AC22C2F261585D7470CFB762DB3
                                                                                                                                                                              SHA-256:658C1D4DDDF1AFB8BB9F456DB4780129905AB7EA90988DD36258DE5C13450F2E
                                                                                                                                                                              SHA-512:EE71D308B9684D3A175ABBB05C7820D4781EEC9179FB57CA9DA9DDBB79E80F5B70DC5C27C9320B4807DDF909E5F6D52AD50002789A15D49C11206CB183CD0FD4
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..................'P\....'P^....'P_...........................>.......4..................R......:...........Rich...........................PE..L....o.]...........!.....D...|.......L.......`......................................$.&...@.........................0}...*......x.....................%..-......4... s..T...........................xs..@............`..l............................text....B.......D.................. ..`.rdata...Q...`...R...H..............@..@.data...p...........................@....rsrc...............................@..@.reloc..4...........................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\CaByp.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):289168
                                                                                                                                                                              Entropy (8bit):5.824310384948223
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6144:TNEk+RH0S9pPMdhToNQKJ1/O8Quo4W3xuxL:TNENRH0QPMdhToNQKJ1/O8Quo4W3xuxL
                                                                                                                                                                              MD5:5811D5410C62566A05D65CC6BA542FC4
                                                                                                                                                                              SHA1:1B8A5383877F8E5BD691E53EAF494BB6A6C33E6F
                                                                                                                                                                              SHA-256:4B960F91B789C6370A868A529FFFBDCD89F19E4F324F61A493EBA6D18A86A7E2
                                                                                                                                                                              SHA-512:44229BFD23EB32635EBFD4F4925120FE4536D7569813DC3FAED878F30B5C24AF52F5E31F4BD45CAF8789718705EE949FAA8DC63FB8427B662FB7DA2E0F20256A
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...v..e...........!..0...................... ....... ....................................`.....................................O....`...............<...-..............................................................................H...........H.hex%(F..... ......................@....text.............................. ..`.rsrc........`.......4..............@..@.reloc...............8..............@..B.....................:.............. ..`........................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\ExcelDataReader.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):185744
                                                                                                                                                                              Entropy (8bit):6.179919060526076
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3072:94sAu3LFrmW7nlwPWAHv2wwBf/wi3Zwnrt4c/X7nVng:94sAUfjqlv/a/wianrmGlg
                                                                                                                                                                              MD5:D26D4C5D5BFC54E21590CBCF1BAEE738
                                                                                                                                                                              SHA1:BBD885C8D07A2E35BB047708E0D1045848E5F9D0
                                                                                                                                                                              SHA-256:BA0EFC85B62008DF78715B38314665322816F7C9CD5870AE7FC2B34AA3A78877
                                                                                                                                                                              SHA-512:7136E2E33E3DEFA25B4FBFD335EBCB30FD653465CAAD93CE8D692D98BEF63F7589A590D7E03FE1B05C815F49AFA11E06B0056C141352FCC73C12A8D1CA365404
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....[3..........." ..0.................. ........... ....................................`.....................................O.......<................-..............T............................................ ............... ..H............text...H.... ...................... ..`.rsrc...<...........................@..@.reloc..............................@..B.......................H...........0...................0........................................0..G........((..........(....&...Y(........Y(..........(....&...Y(........Y(.....*..((.......(.......(.......(........(.....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*~.().........s....(*.....(+....*...(,.....(-...%-.&+.(....%-.&+.(.......(*....*~.(/.........s....(0.....(1....*...(2.....(3...%-.&+.(....%-.&+.(.......(0....*.0..............(4.......(......*....................0..

                                                                                                                                                                              C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\ICSharpCode.SharpZipLib.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):212368
                                                                                                                                                                              Entropy (8bit):5.842547845972743
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3072:9jMibqfQqFyGCDXiW9Pp/+Tl4abpuu201PB1BBXIDwtqSPVINrAfvp1yR8l:aibqI59PpOPf201/z7pIR8l
                                                                                                                                                                              MD5:42BDB6EBD0B3F8A18A9109983CD1B416
                                                                                                                                                                              SHA1:34C73A9EC9D4B5EEA39692FFDE24937DEE11BEEB
                                                                                                                                                                              SHA-256:A7ADEE4A9C0C8B6BC7FDD36D13BB918BB9AE441BB659D7067F390A85C9356F38
                                                                                                                                                                              SHA-512:E9154D49247767C9F228DDA16FA8F420B900090D724908E0C4769422A049C8D01FABB975F39D703A9E0CDEE341BE0C43B1977FECE465E2EF4441B28295878A9B
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....<.K...........!......... ......^.... ........@.. .......................@.......>....@.....................................K........................-... ....................................................... ............... ..H............text...d.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\InstAct.exe

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):97168
                                                                                                                                                                              Entropy (8bit):6.72212974939906
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:y6mhDcl14R1sGF+JtmjNc7MhvkxwZm00GQFQnJ5sFBhoAUWxf:Ucl14RWWKAhkxwZm00GQFQnJ5sFBhoAp
                                                                                                                                                                              MD5:DC1153D77C40FE6977E0D4AC65866534
                                                                                                                                                                              SHA1:A3D9B20F81D90A22358D2123FBF06DF9E5713B47
                                                                                                                                                                              SHA-256:CC655807F733589215C29A27C03765579BD1C0A5FA0CFB2EB70E23D1848B3C14
                                                                                                                                                                              SHA-512:7829E020CAFF3C2FAE50607E8879A1379FC2B060C17F078540377CE7C1181D7A82FADDF04C0C9645921B72E6D9D9E6476484DA00EC54594CE2C745C84BA8AE04
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...}..e..............0...................... ....@.. ..............................zj....`.....................................O....................N...-..............................................................................H...........H.hex%(Fhs... ...t..................@....text................x.............. ..`.rsrc................:..............@..@.reloc...............J..............@..B.....................L.............. ..`........................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\InstAct.exe.config

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):232
                                                                                                                                                                              Entropy (8bit):4.9291270848865505
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6:TMVBdTMkIffVymRMT4/0xC/C7VrfC7VNQAopuAW4QIm:TMHd413VymhsS+Qzop93xm
                                                                                                                                                                              MD5:DEA7F3714D54D630D31C8E9F8D5B2CE6
                                                                                                                                                                              SHA1:BF3A234D5AFFF9A61E468450ED716157AA47C3DD
                                                                                                                                                                              SHA-256:6C34A02A0C84BA2126A7408A3093C213792188A7838265DD1E4AC816988E8934
                                                                                                                                                                              SHA-512:374EB698BC372B125DEBDB6CC89A148CBB7ACF865C4E0E3AF629695A97FC1930AA86E3C3D0ECF3155644964C615A25C4180C6D85C892AAA4A96A885B3922A607
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727"/>.. </startup>..</configuration>..

                                                                                                                                                                              C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\Microsoft.Deployment.WindowsInstaller.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):184240
                                                                                                                                                                              Entropy (8bit):5.876033362692288
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                              MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                              SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                              SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                              SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....o.].........." ..0...... ......z.... ........... ....................................@.................................(...O................................................................................... ............... ..H............text....w... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\Microsoft.Win32.TaskScheduler.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):303504
                                                                                                                                                                              Entropy (8bit):6.178302726414292
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6144:/1BS4AY/z4VWTl5uxhFN/4NGEMGp/DsjzaWduZJB:/PBAY/8YTlshiX9AnaISP
                                                                                                                                                                              MD5:A17277397A35FDC160234213369750AA
                                                                                                                                                                              SHA1:C05A97885DF890D5ACA4549BD5CFCBE856EA1ACC
                                                                                                                                                                              SHA-256:7EA2D76D76AEAAA898445050AB594C162FF312C32B1A4F9225C0C24F470EBACB
                                                                                                                                                                              SHA-512:1985E35CF388398BBE0EB7F2FC28B1DA4C318386ABED83083CEB90C453D73993798120280BD52674566DA661481F91DEDF9787A2EFDDC78F32EDEA9F965EDF73
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......V.........." ..0..j............... ........... ...................................@.................................H...O.......@............t...-........................................................... ............... ..H............text....h... ...j.................. ..`.rsrc...@............l..............@..@.reloc...............r..............@..B................|.......H........s..................W............................................{~...*..{....*V.(......}~.....}....*...0..;........u#.....,/(.....{~....{~...o....,.(.....{.....{....o....*.*. .F*. )UU.Z(.....{~...o....X )UU.Z(.....{....o....X*.0...........r...p......%..{~..........&.....&...-.q&........&...-.&.+...&...o.....%..{...........'.....'...-.q'........'...-.&.+...'...o.....(....*..{....*..{....*..{....*r.(......}......}......}....*....0..S........u(.....,G(.....{.....{....o

                                                                                                                                                                              C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\Newtonsoft.Json.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):533904
                                                                                                                                                                              Entropy (8bit):5.922147639668495
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6144:jdgb9ewwFqjzz0PGrlEj/9wD82/4fGuHdln4akzxbcPuZF3GhXOtiTrd9DUIBaLF:EwMi7D8ueq7GBpdT9t78I0xj5I
                                                                                                                                                                              MD5:114427C622CBF51A8D6A309AFA86D3B9
                                                                                                                                                                              SHA1:CDB86ED59DFF9F8B51B5F48AD874DDAB9A9BEA15
                                                                                                                                                                              SHA-256:C5F652C0D14EE7D506C240B1241A0F85EB0FA1A0413A59287557F6298415DC78
                                                                                                                                                                              SHA-512:4987A0846C2B906FB44E0344C27AA6B447E70C5ED9B27B08ACE7529ECC536FFEE5A02FDBF3C5BCF7517A033279CCA4A115289D2B82626A95CDAD27E5CC793D78
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......X.........." ..0.............J.... ... ....... .......................`......[.....@.....................................O.... ..p................-...@....................................................... ............... ..H............text........ ...................... ..`.rsrc...p.... ......................@..@.reloc.......@......................@..B................,.......H........D..8...............X...@.........................................(8...*"..(9...*..(....*"..(....*&...(....*&...(....*F...(.......s....*..(....*..{....*"..}....*..{....*"..}....*V.(......(......(....*...}".....(....}%.....}#.....}$...*..0..E........{"......YE................+..{$...o.....X*.{#...j(-....X*r...ps....z....0...........{"......YE........R...R...*.{$.....~!...o......!.r...po....&..o....&.r...po....&*.o.....1....o....&..o....&*..[o....&..{#...o....&..]o....&

                                                                                                                                                                              C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\OpacityGuide.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):543632
                                                                                                                                                                              Entropy (8bit):6.930801208561013
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12288:E6nXfZtVRLqo/xPhAM5m7M3hMStt18IQVE5jKwuJ5C96BfiZs779ZYgss0:EGvZtfqo/qY3s0
                                                                                                                                                                              MD5:7E052016DEE700F3785AF8C5C23A4258
                                                                                                                                                                              SHA1:986D11EDB7D3992AE8B446D12D38823B1F054E44
                                                                                                                                                                              SHA-256:F8E61827157F6262155A0202831D041053839CBF7895C32A821C3A1796477863
                                                                                                                                                                              SHA-512:B8CAA976F1BCC7099CD3A9A680E4EE6D14DD6BB193FCAB504646153CE27F67478E2A45844A33A5DD556D8BE448B45E974DB9D826B25E61130A7049C9E5D0B4C6
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."!..0..................@... ....... ...............................m....`.................................xH..S....@.. ................-...`.......................................................................@..H...........n.I7.-.I8.... ......................@....text...X....@...................... ..`.rsrc... ....@......................@..@.reloc.......`......................@..B.................................... ..`........................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\OpacityGuide.dll.config

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):187
                                                                                                                                                                              Entropy (8bit):4.962434908080585
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:JLWMNHU8LdgCzMvHcIMOofMuQVQDURAmIRMNHjFHr0lUfEyhTRdolFvREBAW4QIT:JiMVBdTMkIGMfVJ7VJdfEyFRdSJuAW4p
                                                                                                                                                                              MD5:3F9B7C50015CA8BE5EC84127BB37E2CB
                                                                                                                                                                              SHA1:07FA0B2F00BA82A440BFEACAFD8B0B8D1B3E4EE7
                                                                                                                                                                              SHA-256:C66E1BA36E874342CD570CF5BDD3D8B73864A4C9E9D802398BE7F46FE39A8532
                                                                                                                                                                              SHA-512:DB5713DDA4ECAC0A1201ADD7D5D1A55BDBFC9E373B2277661869F7DE9E8BA593F44BDAFA6C8DBEBA09DF158B2DFDD1875C26C047F50597185F1F2F5612FC87B9
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:.<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup> .. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />.. </startup>..</configuration>

                                                                                                                                                                              C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\PCPrivacyShield.exe

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):6461328
                                                                                                                                                                              Entropy (8bit):7.199873616440346
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:49152:t2kqbUnozkTb5BqNFwIoufi2nTqgTCEcz4qeaR7JuHEEI+Nd0xSBoiMqx8:t2kqbUEkfTWKuLEVeEuHPI+NGxStx8
                                                                                                                                                                              MD5:5B34516DF5AB905BD334E908683A8084
                                                                                                                                                                              SHA1:2F654634A23FF8FB79B18423B541E1F1ACFD90DD
                                                                                                                                                                              SHA-256:05B3A066AD986C66457C3C3BEAC5EBD7958D783A1369ED0A3D1AA741DAD9456D
                                                                                                                                                                              SHA-512:F4EBC0540515352C99F38E7AC25F1F359D1AB54F873B938F95FD40F9F6184B565E88764521CADCE5541B301054CEDAFF78B5594E7B40693BE979441D351D8AB5
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 21%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...|..e..............0...H..b........b...... ....@.. ........................c.....A.c...`.................................x...S.....`..............jb..-....b.......................................................b.................H...........n.I7.-.I r... ...t..................@....text...`.H.......H..x.............. ..`.rsrc.........`......z`.............@..@.reloc........b......fb.............@..B..............b......hb............. ..`........................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\PCPrivacyShield.exe.config

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):306
                                                                                                                                                                              Entropy (8bit):4.965945372100954
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6:TMVBd1IffVymRMT4/0xC/C7VrfC7VNQAopuAKr5KNbSt+gP9XWw5W4QIm:TMHdG3VymhsS+Qzop9LN2tJP9Lo4xm
                                                                                                                                                                              MD5:680FA9077E165BD9A76192EADAF934A0
                                                                                                                                                                              SHA1:214BA065517C18E5ED7BFD7211D75D4C15FA9D5D
                                                                                                                                                                              SHA-256:5ECDD4389D4D2407FA47EC3D791263B451EDA72D7013FA1E14C884669B5194B7
                                                                                                                                                                              SHA-512:95839D0AFF803B184DF4A5EED0D152425DD5AAC088767E5B77D1D8A503D60AE6E941367BB3FBFDC68D510A7D5B209B784855235124DADEB036032710B8889473
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727"/>.. </startup>.. <runtime>.. <gcAllowVeryLargeObjects enabled="true" />.. </runtime>..</configuration>..

                                                                                                                                                                              C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\PCPrivacyShield.msi

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {60A2DEFC-2BD6-42B1-90C4-2BEB1CFB0618}, Number of Words: 0, Subject: PC Privacy Shield, Author: ShieldApps, Name of Creating Application: PC Privacy Shield, Template: ;1033, Comments: This installer database contains the logic and data required to install PC Privacy Shield., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):4458496
                                                                                                                                                                              Entropy (8bit):6.475774879374287
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:49152:hV8kMo27Epq0n8Toc4Up8r6F5mCmR+Jv0Rn0rItYcuwwERO9qZFTvqPvO6Ezvs5e:uYn8To8o63vAYcuwrJaUOE3uNYx
                                                                                                                                                                              MD5:31CD604E8B53A5B1E43F18648E5256C2
                                                                                                                                                                              SHA1:4D894BBFE66A49C3158D16F831DA90295C2033E8
                                                                                                                                                                              SHA-256:3F3B9A72910DFF350291F95AF927E33929E60C0C0DAAEAD28801EB0710546B1D
                                                                                                                                                                              SHA-512:5D0D4B13B24B55CB19F1F31C1125FFD351A54B63C702F3925E35F1ADB01E330CC3738E8F4D54B95A22D4F6E71959F17D3A3598FA5A0CD7A0EB37D85C2171706C
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:......................>...................E...........................................q...r...s...t...u...v...w.......................................p...q...r...s...t...u...v...w...x...y...z...{...|...}...~.......................................................................................................{...|...}...~................ ... ...!.............................................................................................................................................................................._...........................>...?............................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-......./...0...=...2...3...4...5...6...7...8...9...:...;...<.......@...J...A...B...H...C...D...E...F...G...K...I...T...X...L...M...N...O...P...Q...R...S.... ..U...V...W...^...Y...Z...[...\...]...O ..`.... ... ..b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...

                                                                                                                                                                              C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\PdfReader.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):545680
                                                                                                                                                                              Entropy (8bit):6.138101390147843
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12288:V7/87yL6OxZSPvQLYigDMOW2BP1KA1CvbRcr:27yL6YZYvMYigDM01KWCvbRcr
                                                                                                                                                                              MD5:41B7D1E16166151CC731C67A058E4627
                                                                                                                                                                              SHA1:DADEDC6699102F697F21EAD65171DA3E437E1B70
                                                                                                                                                                              SHA-256:C2D839BC58911D591D27127E23D0CA9C3BC60EFB0D11E91626F3DFC201292E0A
                                                                                                                                                                              SHA-512:CB9C91B1FC4A9D5E1540B4F6FC7FA10044755CED46D19C9A9983F69766ED6F3855222F49412A18050C0432B341237AD1E5FE3274DF38E90197A5DFEEC5694FF8
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...s..e.........." ..0.................. ...@....... ..............................J.....`.................................0...O....@..p............&...-...`....................................................... ............... ..H............text........ ...................... ..`.rsrc...p....@......................@..@.reloc.......`.......$..............@..B................d.......H...........(d............................................................(<...*.0..r.........YE....j...............................*...B...Z...r.............................dYE........................-...E...]...u...............................5...M...........e...}.......8....#.......@#.....T.@s....*#.....P.@#.......@s....*#.......@#.....P.@s....*#.....P.@#.......@s....*#.......@#.....P.@s....*#.....@z@#.......@s....*#.......@#.......@s....*#.......@#.......@s....*#.......@#

                                                                                                                                                                              C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\Perpetuum.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):491408
                                                                                                                                                                              Entropy (8bit):6.766686382097439
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12288:4e/INALgtV6pyARcDm/TqwoXJrjzptkyh4sSh7m0UVcjIjmiQf2j50A3B+:vkLAa/pB+
                                                                                                                                                                              MD5:7A851FC31B1A18B5A6A8544038F393CB
                                                                                                                                                                              SHA1:F8BF1B2D24745A3B040D49EDF59425AF4AB42EB3
                                                                                                                                                                              SHA-256:E5B226CEEAA7D23AEDC38C0AD43D842E6572DD5498D484DC1A32B67CCDE5139F
                                                                                                                                                                              SHA-512:680F625717E871EEB0FA1079ED60D598726A74E4C482F2768069E979C455C3ACA961A09E58F8DF82C210E867D17CEB81B1894F70F80F6549E7EC527E46FAEB4A
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...v..e...........!..0..(...&...........@... ....... ..............................&.....`..................................H..O....................R...-...........................................................................@..H...........H.hex%(F..... ... ..................@....text...H%...@...&...$.............. ..`.rsrc................J..............@..@.reloc...............N..............@..B.....................P.............. ..`........................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\Setup.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):269712
                                                                                                                                                                              Entropy (8bit):6.868155428721184
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6144:TM4xmfvJN1wV3fvMGU/p2RjfDhJZtxXn+tkUCjgmBZmnrROjudVUNpGSG39NAcI2:TMWyhN1wVPlSAZJZtxXn+tdCjgmBZmn7
                                                                                                                                                                              MD5:16A208BBF96144EE623B634F76AE6B87
                                                                                                                                                                              SHA1:1624FBE550A76541873C04175D2D6C20FA885C8F
                                                                                                                                                                              SHA-256:AE55827DAA58BE98838CCBABCEEE803CD59595576F3C6B7387AFB5226D04E32B
                                                                                                                                                                              SHA-512:89D6A8F7BE5DF9AB2CA3FE9203F8B347FB6D7620E3630312095ED4927A48A8464C9B9B6ACC2310FFBC8F421EE7F796BA4D1F94BE4F2ACA9D61D78CAF85238148
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...u..e...........!..0..*...........`....... ....... ....................................`.....................................O.... ...................-...@.......................................................`..................H...........H.hex%(F..... ......................@....text....'.......(.................. ..`.rsrc........ ......................@..@.reloc.......@......................@..B.............`...................... ..`........................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\System.Data.SQLite.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1431952
                                                                                                                                                                              Entropy (8bit):6.839204333665325
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:24576:Kii5k2wxy1kYKumepLDKpcWFjtsEfl5bSqU/uKM1JPWOdZCfSgH1uKiQxwF/BVUe:pSMdYKaMnfqq7mHWQqFqs
                                                                                                                                                                              MD5:F4C12A4A4FB7A9762E1BBDF280D87FCC
                                                                                                                                                                              SHA1:2FDD22D02A77279F5C32E99CC3ED7BCE471EE853
                                                                                                                                                                              SHA-256:7529CF94B79D7F5B19C1EB6E921A48EA70CF7D973FCEF05FEAB517C2C706CB09
                                                                                                                                                                              SHA-512:BAC02A6695290AD48F6D81161D675154BA3228E393B0F89C7054783DA53BBE4A54B8DFAFA451040865EF7EA3F863566FC51EB497C0368816E930E51A8B7BF9FC
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........?..Q[.Q[.Q[...[.Q[...[.Q[...[..Q[...[.Q[...[..Q[.P[q.Q[...[.Q[...[.Q[...[.Q[...[.Q[Rich.Q[........PE..L...a$.Y...........!......................................................................@..............................'......P.......<................-.......h..0...................................@...............................H............text............................... ..`.rdata..y...........................@..@.data....Q... ...$..................@....rsrc...<............0..............@..@.reloc...q.......r...:..............@..B........................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\TaskTools.exe

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):183184
                                                                                                                                                                              Entropy (8bit):6.368864834079391
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3072:LKVYLIJ/K26/CaIlHpvyLbgmny7Uyx3ROeJgC+LIkQHca+gp44PSgjO4fxK:LNM/a+Jagmny7Uyx3ROeJgC+LIkQHcaQ
                                                                                                                                                                              MD5:13C119FDEB84F4E4A9386E48CBE7B1FD
                                                                                                                                                                              SHA1:6DAF120ABFADEB459E83349CB43F8A1CAB8DA942
                                                                                                                                                                              SHA-256:AD65B00A123371E579F8F6C72A29B3FCD5125C518D66D597ACB039EF9DACE26A
                                                                                                                                                                              SHA-512:34A0385A8C474F6614C9C3DA3E809DE6A916A6248769DE8166A32551A3171F3E028416FCD944EC08994DF3963CEB2DB651E91A9A41750D184158DF15965A3462
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...s..e.........."...0...................... ....@.. ....................... ......3T....@.................................x...S.......`................-..............................................................................H...........n.I7.-.I..... ......................@....text...h........................... ..`.rsrc...`...........................@..@.reloc..............................@..B.................................... ..`........................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\TaskTools.exe.config

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):231
                                                                                                                                                                              Entropy (8bit):4.934683524331857
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6:TMVBd1IffVymRMT4/0xC/C7VrfC7VNQAopuAW4QIm:TMHdG3VymhsS+Qzop93xm
                                                                                                                                                                              MD5:2577E4B144EFCB577E51C1439155079A
                                                                                                                                                                              SHA1:8AC376D232D195179755BBFD1B20555E28FFFDDD
                                                                                                                                                                              SHA-256:BB7ACFD577ED69BAFF19C245537C289B340D559F2B4152F9F3C1DB9CC97ECDE9
                                                                                                                                                                              SHA-512:321506F74CA86E344BAC3A79520DE995501D18D634471F980FB314D1EE32EE2DD2705A2A608625F3D6B109EB444FC50AB83754D9A88F40CA86EBB0B8F5468578
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727"/>.. </startup>..</configuration>..

                                                                                                                                                                              C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\Tracking.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):212880
                                                                                                                                                                              Entropy (8bit):6.684349427552865
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6144:7j1GmkZuxggvDhOhv/qApWaLDnRrJnumeOYOEbVb/kxiFyceMP9lZZ:31GG5lOlnYaPRrJnumeOYbbVb/kxiFyi
                                                                                                                                                                              MD5:EF5063D69F9DCD73822521C1C6FBC386
                                                                                                                                                                              SHA1:30CBAC429C42ED30A19D00A84E811258B7D8E046
                                                                                                                                                                              SHA-256:6C11771696EAEB5B2F0EA1ED822604D00DC830875C9BE9ED340F28554348A9D9
                                                                                                                                                                              SHA-512:5A6A988D4F89DDCF702E0AC3977433EA8A04657FCE961DC36F90C35374A984450B4C2BCA218AE1739F227521129BA596A584474B75FD2EAE632E628D8A579C88
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...v..e.........."!..0......,...........`... ....... ...............................'....`.................................xh..S....@...................-...`.......................................................................`..H...........n.I7.-.I.%... ...&..................@....text........`.......*.............. ..`.rsrc........@......................@..@.reloc.......`......................@..B.................................... ..`........................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\TreeViewFileExplorer.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):43920
                                                                                                                                                                              Entropy (8bit):6.408926342650433
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:768:xVgtEWKk51yjdZbIYL++VXyp6oA2H563Sntop7oJeVAMxkEau:HgtEWzg++lfqZ6/oJ4x9
                                                                                                                                                                              MD5:1F5CF75612A5F4926DF98BD2A90E062A
                                                                                                                                                                              SHA1:BE7C9E7A336509129CC1D4EC78776B7C9C62EA6B
                                                                                                                                                                              SHA-256:A4DB0F2AF43100C1878E18350FE9BB365AC88FDB0C4C3E156429DCD04FF7FBC5
                                                                                                                                                                              SHA-512:DF1BD36DD359B250FFAD9F5DA806019617F21A65F7B1F7730BB7B64215AF8CF94D724715D42CAB1BFAF68CDC3EF279AEE959D14BE4AA99CE7413609D264C86EA
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...s..e.........." ..0..v............... ........... ..............................8f....`....................................O....................~...-........................................................... ............... ..H............text... t... ...v.................. ..`.rsrc................x..............@..@.reloc...............|..............@..B........................H........B..|H..........@................................................0............r...p.r...p(......(......{U...r...p(....,\.{U...r...p(....,J.{M....._,?.{M... ...._-1.{M...._-'.{M...._-..{M... ...._-..{M.... _-...+....(....-..(....&..&...*.................0............r...p.r...p(......(......{U...r...p(....,\.{U...r...p(....,J.{M....._,?.{M... ...._-1.{M...._-'.{M...._-..{M... ...._-..{M.... _-...+....(....-..(....&..&...*.................0...........(....(...+...&...*.

                                                                                                                                                                              C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\TreeViewFileExplorer.dll.config

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):184
                                                                                                                                                                              Entropy (8bit):4.918719857487763
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:vFWWMNHU8LdgCQcIMOofMuQVQDURAmIRMNHjFHr0lUfEyhTRwFvREBAW4QIMOov:TMVBd1IGMfVJ7VJdfEyFRwJuAW4QIm
                                                                                                                                                                              MD5:C64632957C9A46B320E412D857E176C0
                                                                                                                                                                              SHA1:823615CC1FFA2033818AEA94781DA440662902BF
                                                                                                                                                                              SHA-256:16A5B2D1D7CC9914BCE73914D4D956D3BA7A2EC34E3D41E876F2E265C15D8096
                                                                                                                                                                              SHA-512:2B89C7953194A7ADF7EF77C98558C27F7CC968F89EDB04A7E13AB84DF7CAD1F4E23588016F01AFA2C0A4AD2768B6814E24A6342376B92DCAD48D35B8D4725C6B
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup> .. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5"/>.. </startup>..</configuration>..

                                                                                                                                                                              C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\Util.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):844688
                                                                                                                                                                              Entropy (8bit):6.765666106013207
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12288:svzLMwROMBXBZZ1Gy3sMkhYy5KcJZZRe4gAYsApWnGKV72sQQCVtk+bSWJSLGg1Y:sH3OmRZZ1GiVkhYy5dZRe3AYWnGmcqa
                                                                                                                                                                              MD5:D9EB67B1768883D795594F36EBFE4AC9
                                                                                                                                                                              SHA1:622F2EAD2BC9D29713E061D9EBF341C34C34785E
                                                                                                                                                                              SHA-256:8CF5DA3D10ED0D744966E621570B56396C2E2272614584BBD5F27B145486DADF
                                                                                                                                                                              SHA-512:B5FFDF2240C70EA6D8B0714608CEFC8D0DB3A7C69434E9AC77761403673A3BDA6EEED3A703E4BFD05AFE80F8A6721FA9240C0D001AC568D6F05BCB7EACC979D6
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...t..e...........!..0..8...z....... ....... ....... .......................@...........`.....................................O........................-........................................................... ..................H...........H.hex%(F.r... ...t..................@....text... 5.......6...x.............. ..`.rsrc...............................@..@.reloc..............................@..B............. ...................... ..`........................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\WcDialog.exe

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):34192
                                                                                                                                                                              Entropy (8bit):6.557553914587809
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:384:E3fLpStPq3g08G+EuFXs3vuTRw/MGPlYtfB8ptYcFwYB03KypwK36nBAM+o/8E9J:E3yel0cTY/ItYcFwYB6KNBAMxkET
                                                                                                                                                                              MD5:4663C5E625BBED223A3DD47B2101E6A1
                                                                                                                                                                              SHA1:146F406BCB5EC36CA3F6C66EA046D18E58DADA10
                                                                                                                                                                              SHA-256:D93810A51CB0A8F92160BB90CDDC1DA2DF128ABC5FA482D5EC5FBFB25E27EDBA
                                                                                                                                                                              SHA-512:A6358CBCD9C6F24CCF6FEB5AAFC290AA7D6063BD98AEBDA1284FA3578B2A83143C69292063FB0B949723F816BE35E28B060E061774F2D2BBB2C51E05A84BE300
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...-Ia..........."...0..B...........`... ........@.. ....................................`.................................l`..O....... ............X...-..........P`............................................... ............... ..H............text....@... ...B.................. ..`.rsrc... ............D..............@..@.reloc...............V..............@..B.................`......H............1..........._...............................................0.............................(....}8......};......}:.........*.........+w......~........... ....(.......ds.......ds.......ds.......d...d...d.....Y...........,......(......+... ..........,..+...-......+......:u......+...*...0.............~.......(..........r...ps........r+..p(3...~............|........~..................(.......~....(........,...(....&..................,...o............(....&.....+...*..

                                                                                                                                                                              C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\WcDialog.exe.config

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):187
                                                                                                                                                                              Entropy (8bit):4.962434908080585
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:JLWMNHU8LdgCzMvHcIMOofMuQVQDURAmIRMNHjFHr0lUfEyhTRdolFvREBAW4QIT:JiMVBdTMkIGMfVJ7VJdfEyFRdSJuAW4p
                                                                                                                                                                              MD5:3F9B7C50015CA8BE5EC84127BB37E2CB
                                                                                                                                                                              SHA1:07FA0B2F00BA82A440BFEACAFD8B0B8D1B3E4EE7
                                                                                                                                                                              SHA-256:C66E1BA36E874342CD570CF5BDD3D8B73864A4C9E9D802398BE7F46FE39A8532
                                                                                                                                                                              SHA-512:DB5713DDA4ECAC0A1201ADD7D5D1A55BDBFC9E373B2277661869F7DE9E8BA593F44BDAFA6C8DBEBA09DF158B2DFDD1875C26C047F50597185F1F2F5612FC87B9
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:.<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup> .. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />.. </startup>..</configuration>

                                                                                                                                                                              C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\de\OpacityGuide.resources.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):34704
                                                                                                                                                                              Entropy (8bit):6.017488385130605
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:768:U3d5WCyncDsSPm3MzwZpzhMXqm9uAHfAMxkEB:OdUCycDzPevbZm8AH/xF
                                                                                                                                                                              MD5:160CFB333B787B381C0292716F511677
                                                                                                                                                                              SHA1:F3E1935C009B35261DDE2137BA2B85C665884991
                                                                                                                                                                              SHA-256:B85E77DDE7FD58A898355C02F53A2E1ECAB6E3517B23D6B8FED5A941E864E056
                                                                                                                                                                              SHA-512:4439E4663693C2D93C0531B83AFD54AE79C1EFC2CF6D7AB9CB75A2C75796A6567D48D0F1F663036F7AD44B79FF06F8264AA8B24B5BAF7243D76C30B2606349E6
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...t..e...........!.....R..........nq... ........... ....................................@..................................q..S....................Z...-........................................................... ............... ..H............text...tQ... ...R.................. ..`.rsrc................T..............@..@.reloc...............X..............@..B................Pq......H........m..8...........P ...M...........................................M.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....U.......PADPADP.:........T.....ET...4..o.~.a9...l3...Q.....Yf...~.9.Y...............&....O...A.=.J.P.....8.....w.t.#..9.......x..z...m..D*.............1....S'.@...1|.qI..\...+\.?.1.8GD.....y.}.|.g..V........m.C....<..}......@:.(

                                                                                                                                                                              C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\de\PCPrivacyShield.resources.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):91024
                                                                                                                                                                              Entropy (8bit):5.284033050197909
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:SjrQH21GDTLrFqNQ0OCa0d0/klfBbfu2ChelRBxj:SjrQHlDTLrFqNQ0OQGGRj
                                                                                                                                                                              MD5:6088F7FDCBF2549AE50144BFEEA6FC19
                                                                                                                                                                              SHA1:F82B7694E5D92048187CF3B9DF44E02FD3A52406
                                                                                                                                                                              SHA-256:0791E8335979C14D00F0D1FFBA87DBC239B71D3E42F14B2A13F4A9BB0445AA7A
                                                                                                                                                                              SHA-512:563F5CED1B98A213DA08E1C24EA8EDFE02B6A99AF3981185341142EA1C8EC3B21E66B236BDF0852A45105E5A1302D8DF4CD8D109975B7D0E48741E45BE9242C9
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...|..e...........!................>L... ...`....... ..............................s ....@..................................K..O....`...............6...-........................................................... ............... ..H............text...D,... ...................... ..`.rsrc........`.......0..............@..@.reloc...............4..............@..B................ L......H........H..4...........P ..f(..........................................b(.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....'.......PADPADP..........z..F.)./..-...s7...j.. p.s....V........&Q..2........]..........N..3.......#B.6......N,...v....5...8R...........1.f.4.H]C..MP..RP..ZR.G.)..]b.....&..2.....w.9J......I'c.....V.J..i.J*).QlE....(...$[..

                                                                                                                                                                              C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\de\Util.resources.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):19344
                                                                                                                                                                              Entropy (8bit):6.726648078112335
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:384:8JRzaVM68nK2PVFVupwK36CoAM+o/8E9VF0NyTUH:qoGK2Px5xAMxkEO
                                                                                                                                                                              MD5:0AD01D8096F91F88042EF8366DCB0CC6
                                                                                                                                                                              SHA1:A19D926F47F41723BCCC7687048B9F78385841CA
                                                                                                                                                                              SHA-256:F833428C32D5F847955990DE67E558672D7B563E3FDC47A71BFDB784A448EE41
                                                                                                                                                                              SHA-512:66663E889AC0E730F5A5302705E9C72E6CC27AD58D5B5B2DC0719AFB61BF22CA8F906CA535605E108668B174E86629154AE7C8CC151950E5ACF444592769F55B
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...t..e...........!................^4... ...@....... ...............................S....@..................................4..S....@..p................-...`....................................................... ............... ..H............text...d.... ...................... ..`.rsrc...p....@......................@..@.reloc.......`......................@..B................@4......H........0..............P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet..../.......PADPADP..p.....U..>...m@ .Q.e.....0m..ZA9..9.....sg...........(Vz.IR....;...:.-...b.-...]..9....A...pT0..Az.),..9PG..R..?p./3..;Se.;.,s<...>...A...D.EfP..P.;.Q...b...c`S|f.H.oru"qY..w........<...........p...0...L...........

                                                                                                                                                                              C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\es\OpacityGuide.resources.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):34192
                                                                                                                                                                              Entropy (8bit):5.9922668238877455
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:768:FNmG8JvABMQWNBTDAcmzkGlRPJQAMxkE+42OB:rmGGvABMvNRD8RPJ+x6GB
                                                                                                                                                                              MD5:D33DD56999B8470A3A402278BA653074
                                                                                                                                                                              SHA1:7DC45BCD73409785790C37C6464C9755F63D3AC8
                                                                                                                                                                              SHA-256:D6B7119F43A34D19D4F026954A737367248558FC7A6487B2B651203FCA507CA4
                                                                                                                                                                              SHA-512:1A7E16521D8F9C5E621F926D012B72AB4D26D6ECA0F7DC35E06ABC3F562A1366CA5E1A1535125BE3E1D0490951E3598A63DC87DDF18B74B4B43625C03D9A6424
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...t..e...........!.....P...........o... ........... ..............................,.....@.................................<o..O....................X...-........................................................... ............... ..H............text....O... ...P.................. ..`.rsrc................R..............@..@.reloc...............V..............@..B................po......H........l..8...........P ...K...........................................K.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....U.......PADPADP.:........T.....ET...4..o.~.a9...l3...Q.....Yf...~.9.Y...............&....O...A.=.J.P.....8.....w.t.#..9.......x..z...m..D*.............1....S'.@...1|.qI..\...+\.?.1.8GD.....y.}.|.g..V........m.C....<..}......@:.(

                                                                                                                                                                              C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\es\PCPrivacyShield.resources.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):90512
                                                                                                                                                                              Entropy (8bit):5.256922556761538
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:2jgzNWpamnsk/2uVbwu6RxdovAygx9qzYxATxx:2jgzNWBsk/2uVbwu6RLoLg+zYxAX
                                                                                                                                                                              MD5:1A68F76BA5346051714D2CF0859E2CF9
                                                                                                                                                                              SHA1:C60DC6F015D61F6E6A50C502B84E35127AD27FB0
                                                                                                                                                                              SHA-256:09E838967CFE180C6BAB933069457B746AE3BB3664EF5E26760205835AD6E1E3
                                                                                                                                                                              SHA-512:162046F30937896E5F56E8A5B0DEE5DD2645C3FE7EBB80FEC94F5736F9CAACAB9E1BDA6C047E701412839B51DD8A387DFE6C3F1B7A51D8A0499ECBB3A7FDC7BD
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...}..e...........!.....,...........K... ...`....... ...............................8....@..................................J..K....`...............4...-........................................................... ............... ..H............text...$+... ...,.................. ..`.rsrc........`......................@..@.reloc...............2..............@..B.................K......H........G..4...........P ..J'..........................................F'.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....'.......PADPADP..........z..F.)./..-...s7...j.. p.s....V........&Q..2........]..........N..3.......#B.6......N,...v....5...8R...........1.f.4.H]C..MP..RP..ZR.G.)..]b.....&..2.....w.9J......I'c.....V.J..i.J*).QlE....(...$[..

                                                                                                                                                                              C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\es\Util.resources.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):19344
                                                                                                                                                                              Entropy (8bit):6.742886869007296
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:384:azmMllJmR55pwK36FNrAM+o/8E9VF0Nyapwwdf:oFlu/OPrAMxkE8wy
                                                                                                                                                                              MD5:4AB2927F1C01FF5E16EC8136CDA74170
                                                                                                                                                                              SHA1:EF4A2E1125591080B3317D35D9D6323281F795B8
                                                                                                                                                                              SHA-256:FFD193E9C3D3EB4F207855F4276C45E097C97EF1A22632048D487FC04CBA456A
                                                                                                                                                                              SHA-512:826A1B6CBF56B89E7DA50C4FB0333711079DCE1F131137CB3CEB590F28C55423DF4D94A32ACEBD45052A525689B86FE10B5CAB7ACAA869294CD1D6FD20A7E4EC
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...t..e...........!.................4... ...@....... ....................................@..................................4..W....@..p................-...`....................................................... ............... ..H............text........ ...................... ..`.rsrc...p....@......................@..@.reloc.......`......................@..B.................4......H.......x1..............P ..%...........................................!..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet..../.......PADPADP..p.....U..>...m@ .Q.e.....0m..ZA9..9.....sg...........(Vz.IR....;...:.-...b.-...]..9....A...pT0..Az.),..9PG..R..?p./3..;Se.;.,s<...>...A...D.EfP..P.;.Q...b...c`S|f.H.oru"qY..w........<...........p...0...L...........

                                                                                                                                                                              C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\fr\OpacityGuide.resources.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):34704
                                                                                                                                                                              Entropy (8bit):6.012704448471184
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:768:pCm1rIGzYOZtH9pcmpBmTebn9R0kvvAMxkEl/:EmRIGzY+tdpc0kTebn9R0knxR/
                                                                                                                                                                              MD5:897B58CA580D2269F7402C928B45FF97
                                                                                                                                                                              SHA1:5235E3318E590AD2CA439717F3D2608E7CD9D90B
                                                                                                                                                                              SHA-256:E7E8995E10910DBE2BE741C38BA27EBA1F71F98CB5668CE4D71E4EBF30A8AC4F
                                                                                                                                                                              SHA-512:8959C9F6A0C8A7145B4551DF0F5D479B0D391BB53901EBC85089F8AF1622D6D106539CAE4AA4A1B6028B59AA6E6B80FA45477AF66353AA9493CA2B5B7DC149AD
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...t..e...........!.....R..........^q... ........... ....................................@..................................q..K....................Z...-........................................................... ............... ..H............text...dQ... ...R.................. ..`.rsrc................T..............@..@.reloc...............X..............@..B................@q......H........m..8...........P ...M...........................................M.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....U.......PADPADP.:........T.....ET...4..o.~.a9...l3...Q.....Yf...~.9.Y...............&....O...A.=.J.P.....8.....w.t.#..9.......x..z...m..D*.............1....S'.@...1|.qI..\...+\.?.1.8GD.....y.}.|.g..V........m.C....<..}......@:.(

                                                                                                                                                                              C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\fr\PCPrivacyShield.resources.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):91536
                                                                                                                                                                              Entropy (8bit):5.278385069288814
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:6jUW8fDC8shMWgZ8tt5G3EA/jYsTjZUsJTEMKJWH9cFG3Z+au2eRLeO8JCAfSxfX:6jb8fYeWgZ8tt5G3EA/jFjZtFEMKwH9E
                                                                                                                                                                              MD5:86F1D6A7B1528F9BBCD6F7229B8BEBAD
                                                                                                                                                                              SHA1:072B6AD093BF119D9C44292BB8E77BDE6B5481EB
                                                                                                                                                                              SHA-256:204C09995443258BF5859A36734427EC9642F385A62ED260431994456783E631
                                                                                                                                                                              SHA-512:AACA69535CF7526EA6B63527A6CEDCFC6E91846F9A1FDDD13CB1D7C8AFFAC13B389806CF19FD1202E278E6FFC5EAD72B39E8F18F237B7A4D36654F92346428FE
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...}..e...........!.....0...........O... ...`....... ...............................6....@.................................4O..W....`...............8...-........................................................... ............... ..H............text..../... ...0.................. ..`.rsrc........`.......2..............@..@.reloc...............6..............@..B................pO......H........L..4...........P ...+...........................................+.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....(.......PADPADP..........z..F.)./..-...s7...j.. p.s....V........&Q..2........]..........N..3.......#B.6......N,...v....5...8R...........1.f.4.H]C..MP..RP..ZR.G.)..]b._.x.....&..2.....w.9J......I'c.....V.J..i.J*).QlE....(...

                                                                                                                                                                              C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\fr\Util.resources.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):19344
                                                                                                                                                                              Entropy (8bit):6.7253916783993795
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:384:zBKV59meFVYSX32qmLpwK36TL6CI2DgAM+o/8E9VF0NylIrTW:dc59meFVYA32qmwCUgAMxkEoXW
                                                                                                                                                                              MD5:EED003EBEE1A71BC1CEA792625B1EB35
                                                                                                                                                                              SHA1:345A8FE319356E1608E690479B2BE356D39B6CDF
                                                                                                                                                                              SHA-256:92885816F14E0AF87C72AB182F4B4EFB73B06367F0DBA858047A5996B315BFED
                                                                                                                                                                              SHA-512:8DDB70A74FCE89EA3D062AF71F536A3C807257B36FD4480FDB4A5EFBA5A0291A8158852661B80FC7A3DAFAE062A8D62B4290C7DF837733D6A1F65614FDD3CDFF
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...t..e...........!................~4... ...@....... ...............................5....@.................................$4..W....@..p................-...`....................................................... ............... ..H............text........ ...................... ..`.rsrc...p....@......................@..@.reloc.......`......................@..B................`4......H........1..............P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet..../.......PADPADP..p.....U..>...m@ .Q.e.....0m..ZA9..9.....sg...........(Vz.IR....;...:.-...b.-...]..9....A...pT0..Az.),..9PG..R..?p./3..;Se.;.,s<...>...A...D.EfP..P.;.Q...b...c`S|f.H.oru"qY..w........<...........p...0...L...........

                                                                                                                                                                              C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\ja\OpacityGuide.resources.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):26512
                                                                                                                                                                              Entropy (8bit):6.526888083101428
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:384:dloRzSNxa9gb/ztJsZY7oGslZCxNoFGtunpwK36+GAM+o/8E9VF0NypFs:MzlRZ3GoYtuc/AMxkENs
                                                                                                                                                                              MD5:698FCBED33A8576F0FABAB28FAA27177
                                                                                                                                                                              SHA1:CDE5F5FE7B9E28491993D630E08BA8417F566C41
                                                                                                                                                                              SHA-256:C9728AA1B3D0DE00CBF4C8F9D290D57318A1759B5DDE5681CF312E23556924B9
                                                                                                                                                                              SHA-512:EBB9D42715EDDCBD1A73CA2B6A11EB4CAF31E3DE4BF8BAE78378DE839E64A9CBA97E4EF7029E6A9D08F27199FF42780FC79FF088327546444B8137B595CC3D2B
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...t..e...........!.....2...........Q... ...`....... ....................................@..................................Q..S....`...............:...-........................................................... ............... ..H............text....1... ...2.................. ..`.rsrc........`.......4..............@..@.reloc...............8..............@..B.................Q......H.......PN..8...........P ...-...........................................-.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....-.......PADPADP........ET...l3...Q.Yf...~.......O.=.J.......w..z...m.............1....S'.8GD.....y.}.......m.C...}..@:.(...8.>0~..3.v.>...AS.sE.s.E...G..PJ..uU.bc_.agc...o.e.q.n.s...y...y........2...y...-...1...3.......................

                                                                                                                                                                              C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\ja\PCPrivacyShield.resources.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):96144
                                                                                                                                                                              Entropy (8bit):5.683421142250503
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:kjtguMPz0FjLlqo9vfj/rsQURfjkBztROpmxf:kjiuMr0FjLlqo9vfj/rsn7+XOpY
                                                                                                                                                                              MD5:1128487C60359CB7E15769A1BF2BAF7F
                                                                                                                                                                              SHA1:86F248F607250B7B2854D979ACE8820814C18651
                                                                                                                                                                              SHA-256:D8233CA85B7D517E8A84D35E840756D116D193A0A7BD5CB4C6C72EF4DC610BAE
                                                                                                                                                                              SHA-512:6E1E90B31F17BE191F4ACD07DDDF1BC54671A6514AFF7C0CB430C29AF53B131AB1D6837203C2FA5B6C8D954DE98A9742B330BE04304378F111B35372191C86B4
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...}..e...........!.....B..........._... ........... ...............................D....@.................................._..S....................J...-........................................................... ............... ..H............text....@... ...B.................. ..`.rsrc................D..............@..@.reloc...............H..............@..B................._......H.......t\..4...........P ..$<.......................................... <.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....).......PADPADP..........z..F.)./..-...s7...j.. p.s....V........&Q..2........]..........N..3.......#B.6......N,...v....5...8R...........1.f.4.H]C..MP..RP..ZR.G.)..]b.....&..2.....w.9J......I'c.....V.J..i.J*).QlE....(...$[..

                                                                                                                                                                              C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\msvcp100.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):421200
                                                                                                                                                                              Entropy (8bit):6.595942471932211
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12288:Seb8zxr1aWPaHX7dGP5frhUgiW6QR7t5qv3Ooc8UHkC2e7wx:Seb8Fpa6aHX7dGP5Gv3Ooc8UHkC2ekx
                                                                                                                                                                              MD5:BC83108B18756547013ED443B8CDB31B
                                                                                                                                                                              SHA1:79BCAAD3714433E01C7F153B05B781F8D7CB318D
                                                                                                                                                                              SHA-256:B2AD109C15EAA92079582787B7772BA0A2F034F7D075907FF87028DF0EAEA671
                                                                                                                                                                              SHA-512:6E72B2D40E47567B3E506BE474DAFA7CACD0B53CD2C2D160C3B5384F2F461FC91BB5FDB614A351F628D4E516B3BBDABC2CC6D4CB4710970146D2938A687DD011
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........e..d...d...d.......d.......d...d..Cd..K*...d.......d.......d.......d.......d.......d.......d.......d..Rich.d..........................PE..L...A..M.........."!.................<.............x................................(~....@.................................<...<.... ...............V..P....0..D;..p................................/..@...............p............................text...u........................... ..`.data...$:.......,..................@....rsrc........ ......................@..@.reloc...S...0...T..................@..B........................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\msvcp120.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):455488
                                                                                                                                                                              Entropy (8bit):6.69762575816539
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12288:pVXWeWENKfCv9tYKt4YIWhUgiW6QR7t5ss3Ooc8DHkC2eXXI:jXWelZv9Gi4Vs3Ooc8DHkC2eXXI
                                                                                                                                                                              MD5:8080160D77881130485100FBF51A619D
                                                                                                                                                                              SHA1:AF7EF1F90AF489423439713EECAAAA81BDED2585
                                                                                                                                                                              SHA-256:AC9DDD9F6132D5F05709BBE2CEA3B3EABB2DF8E4BD79365B336AC9CE7C2D8C3E
                                                                                                                                                                              SHA-512:9C4D928898445B757908266EFAA79D16E57DF4FD1D3FE162C6B25D9A98E3B5E819A989B94286D923C90E99E50BEEEED74A83F4B20F11021ED8DB28DD6CA412E1
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........I..'U.'U.'U.p.U.'U.&U..'U...U.'U...U.'U...U..'U...U..'U...U.'U...U.'U...U.'U...U.'URich.'U........PE..L......V.........."!.........................0............................................@..........................W..L...<...<.......................@?.......D...................................K..@...............<............................text...<........................... ..`.data....^...0...0... ..............@....idata...............P..............@..@.rsrc................j..............@..@.reloc...D.......F...n..............@..B........................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\msvcp140.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):627440
                                                                                                                                                                              Entropy (8bit):6.358008157076177
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12288:0Opw3ob/5jh6lN0RXhsdufjqDZZX/t5xTOKGmm75s79s8/y2MQEKZm+jWodEEVoA:M3ob/5jh6lN0RXhsdufjqDZZX/t5xTOq
                                                                                                                                                                              MD5:2F443A41E00A370754A50CFC02C2E470
                                                                                                                                                                              SHA1:0B812BDEEBF71B2F8382FC115960DC83830201B5
                                                                                                                                                                              SHA-256:BDF1D095D1419E9CE49E774590EE092B1B673CA259C0126F21AFE595B3E661EB
                                                                                                                                                                              SHA-512:15301C33835C67CDC0BD82E29D918411FB71DF40EE073E43EEEC96B85E94804E12DF4354B02D73C185CCA9B14349529A22D5AABD0FEAC41BBCBB9AE27273D039
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......`..r$..!$..!$..!.O.!&..!-.|!2..!v.. '..!$..!...!v.. '..!v.. o..!v.. j..!v.. %..!v..!%..!v.. %..!Rich$..!................PE..d...~0.[.........." .........`...... ...............................................].....`A............................................h....................0..t@...T...>..............8............................................ ..........@....................text...|........................... ..`.rdata..<.... ......................@..@.data....;..........................@....pdata..t@...0...B..................@..@.didat..h............B..............@....rsrc................D..............@..@.reloc...............H..............@..B................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\msvcr100.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):773968
                                                                                                                                                                              Entropy (8bit):6.901559811406837
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12288:nMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BVoe3z:MmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV7z
                                                                                                                                                                              MD5:0E37FBFA79D349D672456923EC5FBBE3
                                                                                                                                                                              SHA1:4E880FC7625CCF8D9CA799D5B94CE2B1E7597335
                                                                                                                                                                              SHA-256:8793353461826FBD48F25EA8B835BE204B758CE7510DB2AF631B28850355BD18
                                                                                                                                                                              SHA-512:2BEA9BD528513A3C6A54BEAC25096EE200A4E6CCFC2A308AE9CFD1AD8738E2E2DEFD477D59DB527A048E5E9A4FE1FC1D771701DE14EF82B4DBCDC90DF0387630
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......:.y.~...~...~...w...}...~.......eD.....eD..+...eD..J...eD......eD......eD......eD......Rich~...................PE..L......M.........."!.........................0.....x......................................@..........................H......d...(.......................P.......$L...!..8...........................hE..@............................................text...!........................... ..`.data....Z...0...N..................@....rsrc................f..............@..@.reloc..$L.......N...j..............@..B................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\msvcr120.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):971584
                                                                                                                                                                              Entropy (8bit):6.964613857967258
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:24576:HmFyjr0XnrmKnxvHeDJqN5br94sVs+Vbm:qXd4ebr9s+Vbm
                                                                                                                                                                              MD5:7F8DA89204332DF95CFC41F6E85DC515
                                                                                                                                                                              SHA1:7E8D71E1F2F9729A52B2938BFDDE69E56E6DE488
                                                                                                                                                                              SHA-256:1C8449F417566DD0FD69DC21EF77D46B9475FBAAC731DA35BDC71669F22242C8
                                                                                                                                                                              SHA-512:D48B833CBC9DB97D7BE4E986BE25AE097D1F55A33D591C5F554EC95D0D329F7CDC50687E16429289308A212CB00A8E2A640039CA7A056C5E03F58E21D3B27B33
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........0iP.^:P.^:P.^:..:S.^:P._:..^:]L.:..^:]L.:1.^:]L.:f.^:]L.:..^:]L.:Q.^:]L.:Q.^:]L.:Q.^:RichP.^:........PE..L......V.........."!......................................................................@.........................`........R..(....p..................@?......\]......8...........................0...@............P...............................text............................... ..`.data...De.......V..................@....idata.......P......................@....rsrc........p.......2..............@..@.reloc..\].......^...6..............@..B................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\schedc10.exe

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):63888
                                                                                                                                                                              Entropy (8bit):6.858002043943741
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:768:93e+FUzJHNMxoGs1+I09d94mPEf3A5SCkprADYtzYcHeFwbPAMxkE8C:pe+4JH+oGs/0zJPEf3HCkprAEMFIPxQC
                                                                                                                                                                              MD5:DD519D00D81134F8924CA52B11A571B9
                                                                                                                                                                              SHA1:023E26E3814006E8B3D9DA377A674D5A0893CCA6
                                                                                                                                                                              SHA-256:F177B7DD96538A734892DE11505431206CCFF90A2A5655ADBD0CA657966934E7
                                                                                                                                                                              SHA-512:F665E533830BC124959628CA2ECE1B3AC5DD99EFF61C6AA924EA1885AD751A9E13337907B1E89221E28545CFCE882DF904E63B2299AC1EF42EAB313E4B7ECA7C
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...v..e..............0..r...V.......@....... ....@.. .......................`............`.....................................O........................-... .......................................................@..................H...........H.hex%(FtC... ...D..................@....text....o.......p...H.............. ..`.rsrc...............................@..@.reloc....... ......................@..B.............@...................... ..`........................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\schedc10.exe.config

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):232
                                                                                                                                                                              Entropy (8bit):4.9291270848865505
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6:TMVBdTMkIffVymRMT4/0xC/C7VrfC7VNQAopuAW4QIm:TMHd413VymhsS+Qzop93xm
                                                                                                                                                                              MD5:DEA7F3714D54D630D31C8E9F8D5B2CE6
                                                                                                                                                                              SHA1:BF3A234D5AFFF9A61E468450ED716157AA47C3DD
                                                                                                                                                                              SHA-256:6C34A02A0C84BA2126A7408A3093C213792188A7838265DD1E4AC816988E8934
                                                                                                                                                                              SHA-512:374EB698BC372B125DEBDB6CC89A148CBB7ACF865C4E0E3AF629695A97FC1930AA86E3C3D0ECF3155644964C615A25C4180C6D85C892AAA4A96A885B3922A607
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727"/>.. </startup>..</configuration>..

                                                                                                                                                                              C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\trialnotification.exe

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):79248
                                                                                                                                                                              Entropy (8bit):6.736061024532615
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:Z7zTLFCgrXB3ZTu+c/Dohx3/eV+ZPBAiGB+xq:JzdCgTTTFMcd/eV+ZPBAiGBT
                                                                                                                                                                              MD5:23FC2F0BABC42DF6F73B38A39ED10859
                                                                                                                                                                              SHA1:CB447653F061ABCCE6F2F5E1A26CAA4370E5A564
                                                                                                                                                                              SHA-256:E1FF61E6A3C91475D1DDEBD5139F9CE368B2D819290B98F28A08351087026B49
                                                                                                                                                                              SHA-512:BE3A9918F654EB0F3811918419C80ADBC3E5A32FFFC80F162FECA1CCCEECD579A0B607AEBFDB6651F5FB66E9522C75C0C5D0364D252595F83E5D2250AE2A6706
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...u..e..............0......f.......`....... ....@.. ..............................-.....`.................................x...S.... ...................-...@.......................................................`..................H...........n.I7.-.I.R... ...T..................@....text................X.............. ..`.rsrc........ ......................@..@.reloc.......@......................@..B.............`...................... ..`........................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\trialnotification.exe.config

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:XML 1.0 document, ASCII text
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):224
                                                                                                                                                                              Entropy (8bit):4.880118702095831
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6:TMVBdTtdcIjkfVymRMT4/0xvFM7VEk7VNQA5DuACQIT:TMHdRd9ofVymhsvFfSz5D9CxT
                                                                                                                                                                              MD5:0147569A84082745173115350C3E28BA
                                                                                                                                                                              SHA1:A8C42DB365E56A2D3CE19BA062C9C3AD7455FD94
                                                                                                                                                                              SHA-256:8BD37A6478C79DA70CECCCB45D15FB9A2FA841D53DCD38F7028DE3F2DBE54D3F
                                                                                                                                                                              SHA-512:90E62AE6DF3191E21088D06922384F3C78638FCC34D27037C628CC641D3EB15158892C557A183949FBFE8EC9BBC60DEA2C219B84124F1FDD76B6E3757A67D6E7
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8" ?>.<configuration>. <startup useLegacyV2RuntimeActivationPolicy="true">. <supportedRuntime version="v4.0" />. <supportedRuntime version="v2.0.50727"/>. </startup>.</configuration>

                                                                                                                                                                              C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\updater.exe

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):641424
                                                                                                                                                                              Entropy (8bit):6.379815631148314
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12288:oOSzitgsfnOuD6p8O/3q/dHzaXYUBispiBVrBd2XR9Q40JVvu:oOSz9sfTc8O/34HzaRpm3dYR9cJVvu
                                                                                                                                                                              MD5:18F240EC48EE7AFA3214EA425E177983
                                                                                                                                                                              SHA1:186EB76CAE15C56C54AF8E24946ED9F70FDE9DC7
                                                                                                                                                                              SHA-256:2B58CD5F0F541FC5B540B47936D4A5806DAD839BB4045B6680C1A825230B4346
                                                                                                                                                                              SHA-512:591FD1325E9AEC420D84F67C8EDC5380DB1BE3A10E35EFD1DF7CEAEE55553A082B58B23A0C5005117AFB477BD826D70199173868330A8A09B7F7C4AF0175D70C
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......C$.n.E.=.E.=.E.=...=.E.=...=.E.=...=.E.=.'.<.E.=.'.<#E.=.'.<AE.=.=h=.E.=.=x=.E.=.E.=.D.=.&.<fE.=.&.=.E.=.&.<.E.=Rich.E.=................PE..L......Z............................s.............@.......................................@..................................X..........C................-.......R..P...p...........................@...@....................S.......................text.............................. ..`.rdata.............................@..@.data....&...........^..............@....rsrc...C............n..............@..@.reloc...R.......T...H..............@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\vcruntime140.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):85040
                                                                                                                                                                              Entropy (8bit):6.583935524888408
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:7kqwmvKrSgB91BDJ25Tg/G0G5r4Gt7qNBPS9DR6ecboHjPzRVzB0Og:73CuavtckJSVqNBPSeecboHjPzry1
                                                                                                                                                                              MD5:CAFD6F3410AF3B95968A1EFB17ECEE05
                                                                                                                                                                              SHA1:7B4FE24321D2B108EDA71EBCE241DA389C9A9158
                                                                                                                                                                              SHA-256:0164B1BFDCEDB07295EAE14FA5DCA88B46862BC91EC2D317EF8559BBEC8128BA
                                                                                                                                                                              SHA-512:79DB866ED22D3671359915CEEB96741A13356258132772067A1B0E186C700C32C97EC14BFE83B09110A80DEE61CC78AE85F8721184FBD4F1DE5E7D8DFADA82F4
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ZWB..6,..6,..6,.....6,..N...6,..6-.26,.L^/..6,.L^(..6,.L^)..6,.L^,..6,.L^...6,.L^...6,.Rich.6,.........................PE..d...y0.[.........." .........R...... ........................................P......!{....`A............................................4............0....... ..........0>...@..t...P...8............................................................................text...C........................... ..`.rdata...6.......8..................@..@.data... ...........................@....pdata....... ......................@..@.rsrc........0......................@..@.reloc..t....@......................@..B........................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\x64\DecryptTool.exe

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):88976
                                                                                                                                                                              Entropy (8bit):6.770067807862272
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:ejLi48e0I5gR2GBgDD9c/vZ3IKGzTQ+utMvOg4xUa:0LiteQBgDD9c/vZ3/GzTQ+utMvOL
                                                                                                                                                                              MD5:EB83F2A3C15C8227C4E7ACAB1BEE2F68
                                                                                                                                                                              SHA1:C62498CBBB83256E7D9D81C5A8E88DD8A56B15B9
                                                                                                                                                                              SHA-256:6F629F90BE79F9F3D90974D435DE1C22CAC84625C3363ED849825745B7034E95
                                                                                                                                                                              SHA-512:61AAF2841CFB2DCF802E5620347FF815572B66A2BECEDA7BADFB352765FFD8059D21FB9000BA57095A92C703D1FB7ABEFE2D0B2C2FF1EEC58DF29301AFD904F0
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...a..e.........."...0......v.................@..... ....................................`...@......@............... ...............................`...................-..............................................................................H...........n.I7.-.I8n... ...p..................@....text................r.............. ..`.rsrc........`.......(..............@..@P.....~.TVqz\.....K~...QE\ ........\..C..zB.=N.k.X.....h]...w8...F..+[.J..7.b.....Y.......V..J.6,....>:V..F..-..]C..G<..V.....~.GB0R.6../m.7...E$.P%&E..+..G.N...^.^.zZ.y.u..+.....&.7,wOg...a.z...z..$.thC.J%..'...._..g.6.A....>.{B.<..ku.......%.c..:...P.s.M..X)9.>.7y.<..z..-.w.w^.z...[...uB.l..17...r...$....UP...i0Woo...(.*..yuM...F..\=\=..|...[9..T.#....U.SL..g.l.b.....*QS..Y.A.3'...`..O../"..E......A+k....,.....)1.Ww.....v.C..h.8..6|A.Og...nl"d..1...J

                                                                                                                                                                              C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\x64\DecryptTool.exe.config

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):163
                                                                                                                                                                              Entropy (8bit):5.034911309270971
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:vFWWMNHU8LdgCQcIMOodBQV7VKXRAmIRMNHjFHr0lUfEyhTRGBAEDDQIMOov:TMVBd1InV7VQ7VJdfEyFRUAqDQIm
                                                                                                                                                                              MD5:DCCD44FB11B8E4EBDFB822E809A54B6F
                                                                                                                                                                              SHA1:1889D5AE8C7C70C051CBDE104AF6E0F31F8C1B63
                                                                                                                                                                              SHA-256:6862B25736259F7BFD344E43EEA10A703885BE381EEE2A745CEB12916B01A158
                                                                                                                                                                              SHA-512:DADFFE41BDADFC3A79CB34369C9A8B37CE4833AEE18058B02DCB13D64007F022B80B63AB404572C60278937CF83B06B00712FF9EE302E725B9D5C7FE14BD5F50
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>..<startup><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.7.2"/></startup></configuration>..

                                                                                                                                                                              C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\x86\DecryptTool.exe

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):90512
                                                                                                                                                                              Entropy (8bit):6.724517270320744
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:rU1K2um9l5CjyT0r6M+a7qc5dhMYmOe3IVdQQz/mwDcZcxl:rMlnTuD+ar5dhMYmOe3WdQQz/mwDKE
                                                                                                                                                                              MD5:A072F16906AD5A95365456EC7FBB4A97
                                                                                                                                                                              SHA1:7EB85406BF120F64AE9B32E2DD275FC213B73F6B
                                                                                                                                                                              SHA-256:2B3524812AC3F789E21271B8CF7358A359B6042205C3B6A0FDF95DEB44B4622E
                                                                                                                                                                              SHA-512:980E668E18FC395242A39942166D3B3DE37D8A4FE4E14520AF29A202101DF75AA2BEF3C857657EA5F1BCE44501FB7D0F5EAFA706BC146022756E9BEBBAE8C074
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...i..e..............0......x............... ....@.. ...............................X....`.....................................O....`...............4...-..............................................................................H...........H.hex%(FPo... ...p..................@....text...`............t.............. ..`.rsrc........`.......*..............@..@.reloc...............0..............@..B.....................2.............. ..`........................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\x86\DecryptTool.exe.config

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):163
                                                                                                                                                                              Entropy (8bit):5.034911309270971
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:vFWWMNHU8LdgCQcIMOodBQV7VKXRAmIRMNHjFHr0lUfEyhTRGBAEDDQIMOov:TMVBd1InV7VQ7VJdfEyFRUAqDQIm
                                                                                                                                                                              MD5:DCCD44FB11B8E4EBDFB822E809A54B6F
                                                                                                                                                                              SHA1:1889D5AE8C7C70C051CBDE104AF6E0F31F8C1B63
                                                                                                                                                                              SHA-256:6862B25736259F7BFD344E43EEA10A703885BE381EEE2A745CEB12916B01A158
                                                                                                                                                                              SHA-512:DADFFE41BDADFC3A79CB34369C9A8B37CE4833AEE18058B02DCB13D64007F022B80B63AB404572C60278937CF83B06B00712FF9EE302E725B9D5C7FE14BD5F50
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>..<startup><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.7.2"/></startup></configuration>..

                                                                                                                                                                              C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\installlog.txt

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):495918
                                                                                                                                                                              Entropy (8bit):3.821543614366513
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3072:wZViNpjav9ssvOJed8cMZ1UOb1wIsVA3nMNZYsPwjhPQOZyxgoPj2RWDAoS0/jev:+ViDj02V
                                                                                                                                                                              MD5:83914D8619963300FA0233BBCB92A6B4
                                                                                                                                                                              SHA1:98AB8314D6AFE881D35EA27DA61B63804BD48C01
                                                                                                                                                                              SHA-256:AC881961B0750419A862C6E29EBC2161B3633F2EEA76E718B725288D90E88A37
                                                                                                                                                                              SHA-512:05C0D94CE507D1CDA7E07718F3E9AA1813E919F9E2FD36C32617B039FD1C7E718174180AA598D511A4F6B2241AD04E39935D76BCF3BEBB04617D24E4809DFBAD
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:..=.=.=. .V.e.r.b.o.s.e. .l.o.g.g.i.n.g. .s.t.a.r.t.e.d.:. .3.0./.1.0./.2.0.2.4. . .1.2.:.5.2.:.0.2. . .B.u.i.l.d. .t.y.p.e.:. .S.H.I.P. .U.N.I.C.O.D.E. .5...0.0...1.0.0.1.1...0.0. . .C.a.l.l.i.n.g. .p.r.o.c.e.s.s.:. .C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.D.e.s.k.t.o.p.\.P.C.P.r.i.v.a.c.y.S.h.i.e.l.d.S.e.t.u.p...e.x.e. .=.=.=.....M.S.I. .(.c.). .(.5.8.:.B.0.). .[.1.2.:.5.2.:.0.2.:.0.9.3.].:. .S.O.F.T.W.A.R.E. .R.E.S.T.R.I.C.T.I.O.N. .P.O.L.I.C.Y.:. .V.e.r.i.f.y.i.n.g. .p.a.c.k.a.g.e. .-.-.>. .'.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.R.o.a.m.i.n.g.\.P.C. .P.r.i.v.a.c.y. .S.h.i.e.l.d.\.P.C. .P.r.i.v.a.c.y. .S.h.i.e.l.d. .4...9...8.\.i.n.s.t.a.l.l.\.1.2.F.7.7.9.E.\.P.C.P.r.i.v.a.c.y.S.h.i.e.l.d...m.s.i.'. .a.g.a.i.n.s.t. .s.o.f.t.w.a.r.e. .r.e.s.t.r.i.c.t.i.o.n. .p.o.l.i.c.y.....M.S.I. .(.c.). .(.5.8.:.B.0.). .[.1.2.:.5.2.:.0.2.:.0.9.3.].:. .S.O.F.T.W.A.R.E. .R.E.S.T.R.I.C.T.I.O.N. .P.O.L.I.C.Y.:. .C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.R.o.a.m.i.n.g.\.P.C. .P.r.i.v.a.c.y. .S.h.i.e.

                                                                                                                                                                              C:\Windows\Installer\6fd11f.msi

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {60A2DEFC-2BD6-42B1-90C4-2BEB1CFB0618}, Number of Words: 0, Subject: PC Privacy Shield, Author: ShieldApps, Name of Creating Application: PC Privacy Shield, Template: ;1033, Comments: This installer database contains the logic and data required to install PC Privacy Shield., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):4458496
                                                                                                                                                                              Entropy (8bit):6.475774879374287
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:49152:hV8kMo27Epq0n8Toc4Up8r6F5mCmR+Jv0Rn0rItYcuwwERO9qZFTvqPvO6Ezvs5e:uYn8To8o63vAYcuwrJaUOE3uNYx
                                                                                                                                                                              MD5:31CD604E8B53A5B1E43F18648E5256C2
                                                                                                                                                                              SHA1:4D894BBFE66A49C3158D16F831DA90295C2033E8
                                                                                                                                                                              SHA-256:3F3B9A72910DFF350291F95AF927E33929E60C0C0DAAEAD28801EB0710546B1D
                                                                                                                                                                              SHA-512:5D0D4B13B24B55CB19F1F31C1125FFD351A54B63C702F3925E35F1ADB01E330CC3738E8F4D54B95A22D4F6E71959F17D3A3598FA5A0CD7A0EB37D85C2171706C
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:......................>...................E...........................................q...r...s...t...u...v...w.......................................p...q...r...s...t...u...v...w...x...y...z...{...|...}...~.......................................................................................................{...|...}...~................ ... ...!.............................................................................................................................................................................._...........................>...?............................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-......./...0...=...2...3...4...5...6...7...8...9...:...;...<.......@...J...A...B...H...C...D...E...F...G...K...I...T...X...L...M...N...O...P...Q...R...S.... ..U...V...W...^...Y...Z...[...\...]...O ..`.... ... ..b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...

                                                                                                                                                                              C:\Windows\Installer\6fd121.msi

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {60A2DEFC-2BD6-42B1-90C4-2BEB1CFB0618}, Number of Words: 0, Subject: PC Privacy Shield, Author: ShieldApps, Name of Creating Application: PC Privacy Shield, Template: ;1033, Comments: This installer database contains the logic and data required to install PC Privacy Shield., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):4458496
                                                                                                                                                                              Entropy (8bit):6.475774879374287
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:49152:hV8kMo27Epq0n8Toc4Up8r6F5mCmR+Jv0Rn0rItYcuwwERO9qZFTvqPvO6Ezvs5e:uYn8To8o63vAYcuwrJaUOE3uNYx
                                                                                                                                                                              MD5:31CD604E8B53A5B1E43F18648E5256C2
                                                                                                                                                                              SHA1:4D894BBFE66A49C3158D16F831DA90295C2033E8
                                                                                                                                                                              SHA-256:3F3B9A72910DFF350291F95AF927E33929E60C0C0DAAEAD28801EB0710546B1D
                                                                                                                                                                              SHA-512:5D0D4B13B24B55CB19F1F31C1125FFD351A54B63C702F3925E35F1ADB01E330CC3738E8F4D54B95A22D4F6E71959F17D3A3598FA5A0CD7A0EB37D85C2171706C
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:......................>...................E...........................................q...r...s...t...u...v...w.......................................p...q...r...s...t...u...v...w...x...y...z...{...|...}...~.......................................................................................................{...|...}...~................ ... ...!.............................................................................................................................................................................._...........................>...?............................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-......./...0...=...2...3...4...5...6...7...8...9...:...;...<.......@...J...A...B...H...C...D...E...F...G...K...I...T...X...L...M...N...O...P...Q...R...S.... ..U...V...W...^...Y...Z...[...\...]...O ..`.... ... ..b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...

                                                                                                                                                                              C:\Windows\Installer\MSI6B4.tmp

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):739232
                                                                                                                                                                              Entropy (8bit):6.502710276384539
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12288:TTe5DtNZIsHPnK2VaSFeFa8YAZaEYh6R6swGvt5loCKDQ:TCjjPK2YSFefHajh6F5loCKDQ
                                                                                                                                                                              MD5:9B81778929C658EA907B7618F483BEB1
                                                                                                                                                                              SHA1:646E84B1EE486C071F5B2CF816C96443C8FA3979
                                                                                                                                                                              SHA-256:A326781B82AE171A4C5615765E69D35339011CABD1BF028B78D5B86019035C73
                                                                                                                                                                              SHA-512:D415BB350A5525486F8D814971611A69D5A4E2B223037E61867450427CB22E05B9AEC26F3B01A5295DF9E505E7E29A0EC45B6C79394A8C1E9E2F8DB4C75DEA1A
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......).c+mx.xmx.xmx.x...y`x.x...y.x.x"..y|x.x"..yux.x"..y5x.x...yzx.x...y|x.xmx.xNy.x...y>x.x...ylx.x...xlx.xmx.xlx.x...ylx.xRichmx.x........................PE..L...y~.c.........."!...".`...................p...............................`......._....@.........................P.......4........................$...#......`l......p...........................X...@............p..@.......`....................text....^.......`.................. ..`.rdata.. 2...p...4...d..............@..@.data...T(..........................@....rsrc...............................@..@.reloc..`l.......n..................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Windows\Installer\MSI703.tmp

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:modified
                                                                                                                                                                              Size (bytes):739232
                                                                                                                                                                              Entropy (8bit):6.502710276384539
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12288:TTe5DtNZIsHPnK2VaSFeFa8YAZaEYh6R6swGvt5loCKDQ:TCjjPK2YSFefHajh6F5loCKDQ
                                                                                                                                                                              MD5:9B81778929C658EA907B7618F483BEB1
                                                                                                                                                                              SHA1:646E84B1EE486C071F5B2CF816C96443C8FA3979
                                                                                                                                                                              SHA-256:A326781B82AE171A4C5615765E69D35339011CABD1BF028B78D5B86019035C73
                                                                                                                                                                              SHA-512:D415BB350A5525486F8D814971611A69D5A4E2B223037E61867450427CB22E05B9AEC26F3B01A5295DF9E505E7E29A0EC45B6C79394A8C1E9E2F8DB4C75DEA1A
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......).c+mx.xmx.xmx.x...y`x.x...y.x.x"..y|x.x"..yux.x"..y5x.x...yzx.x...y|x.xmx.xNy.x...y>x.x...ylx.x...xlx.xmx.xlx.x...ylx.xRichmx.x........................PE..L...y~.c.........."!...".`...................p...............................`......._....@.........................P.......4........................$...#......`l......p...........................X...@............p..@.......`....................text....^.......`.................. ..`.rdata.. 2...p...4...d..............@..@.data...T(..........................@....rsrc...............................@..@.reloc..`l.......n..................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Windows\Installer\MSID2E4.tmp

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):570784
                                                                                                                                                                              Entropy (8bit):6.45015034296188
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6144:j+Sud3L4YgAc8wjVMeKRtGnm3CCRloVywX9gDAOJVafv5khoJQCmR+:j+SuPgAc8+MjGCCslegDTwX5/OCmR+
                                                                                                                                                                              MD5:2C9C51AC508570303C6D46C0571EA3A1
                                                                                                                                                                              SHA1:E3E0FE08FA11A43C8BCA533F212BDF0704C726D5
                                                                                                                                                                              SHA-256:FF86C76A8D5846B3A1AD58FF2FD8E5A06A84EB5899CDEE98E59C548D33335550
                                                                                                                                                                              SHA-512:DF5F1DEF5AAC44F39A2DFDE9C6C73F15F83A7374B4AD42B67E425CCB7AC99A64C5701B676AE46D2F7167A04A955158031A839E7878D100AAF8FAB0CE2059F127
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......&r.gb..4b..4b..4.a.5o..4.a.5...4-o.5s..4-o.5z..4-o.5(..4.a.5{..4.a.5c..4.a.5E..4b..4...4.o.5...4.o.5c..4.ou4c..4b..4c..4.o.5c..4Richb..4................PE..L....}.c.........."!..."..................................................................@.....................................,....`...................#...p...b..8Y..p....................Y......xX..@...............<............................text...6........................... ..`.rdata..X...........................@..@.data...."...0......................@....rsrc........`.......&..............@..@.reloc...b...p...d..................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Windows\Installer\MSID362.tmp

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):570784
                                                                                                                                                                              Entropy (8bit):6.45015034296188
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6144:j+Sud3L4YgAc8wjVMeKRtGnm3CCRloVywX9gDAOJVafv5khoJQCmR+:j+SuPgAc8+MjGCCslegDTwX5/OCmR+
                                                                                                                                                                              MD5:2C9C51AC508570303C6D46C0571EA3A1
                                                                                                                                                                              SHA1:E3E0FE08FA11A43C8BCA533F212BDF0704C726D5
                                                                                                                                                                              SHA-256:FF86C76A8D5846B3A1AD58FF2FD8E5A06A84EB5899CDEE98E59C548D33335550
                                                                                                                                                                              SHA-512:DF5F1DEF5AAC44F39A2DFDE9C6C73F15F83A7374B4AD42B67E425CCB7AC99A64C5701B676AE46D2F7167A04A955158031A839E7878D100AAF8FAB0CE2059F127
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......&r.gb..4b..4b..4.a.5o..4.a.5...4-o.5s..4-o.5z..4-o.5(..4.a.5{..4.a.5c..4.a.5E..4b..4...4.o.5...4.o.5c..4.ou4c..4b..4c..4.o.5c..4Richb..4................PE..L....}.c.........."!..."..................................................................@.....................................,....`...................#...p...b..8Y..p....................Y......xX..@...............<............................text...6........................... ..`.rdata..X...........................@..@.data...."...0......................@....rsrc........`.......&..............@..@.reloc...b...p...d..................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Windows\Installer\MSID3A1.tmp

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):570784
                                                                                                                                                                              Entropy (8bit):6.45015034296188
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6144:j+Sud3L4YgAc8wjVMeKRtGnm3CCRloVywX9gDAOJVafv5khoJQCmR+:j+SuPgAc8+MjGCCslegDTwX5/OCmR+
                                                                                                                                                                              MD5:2C9C51AC508570303C6D46C0571EA3A1
                                                                                                                                                                              SHA1:E3E0FE08FA11A43C8BCA533F212BDF0704C726D5
                                                                                                                                                                              SHA-256:FF86C76A8D5846B3A1AD58FF2FD8E5A06A84EB5899CDEE98E59C548D33335550
                                                                                                                                                                              SHA-512:DF5F1DEF5AAC44F39A2DFDE9C6C73F15F83A7374B4AD42B67E425CCB7AC99A64C5701B676AE46D2F7167A04A955158031A839E7878D100AAF8FAB0CE2059F127
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......&r.gb..4b..4b..4.a.5o..4.a.5...4-o.5s..4-o.5z..4-o.5(..4.a.5{..4.a.5c..4.a.5E..4b..4...4.o.5...4.o.5c..4.ou4c..4b..4c..4.o.5c..4Richb..4................PE..L....}.c.........."!..."..................................................................@.....................................,....`...................#...p...b..8Y..p....................Y......xX..@...............<............................text...6........................... ..`.rdata..X...........................@..@.data...."...0......................@....rsrc........`.......&..............@..@.reloc...b...p...d..................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Windows\Installer\MSID3D1.tmp

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):570784
                                                                                                                                                                              Entropy (8bit):6.45015034296188
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6144:j+Sud3L4YgAc8wjVMeKRtGnm3CCRloVywX9gDAOJVafv5khoJQCmR+:j+SuPgAc8+MjGCCslegDTwX5/OCmR+
                                                                                                                                                                              MD5:2C9C51AC508570303C6D46C0571EA3A1
                                                                                                                                                                              SHA1:E3E0FE08FA11A43C8BCA533F212BDF0704C726D5
                                                                                                                                                                              SHA-256:FF86C76A8D5846B3A1AD58FF2FD8E5A06A84EB5899CDEE98E59C548D33335550
                                                                                                                                                                              SHA-512:DF5F1DEF5AAC44F39A2DFDE9C6C73F15F83A7374B4AD42B67E425CCB7AC99A64C5701B676AE46D2F7167A04A955158031A839E7878D100AAF8FAB0CE2059F127
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......&r.gb..4b..4b..4.a.5o..4.a.5...4-o.5s..4-o.5z..4-o.5(..4.a.5{..4.a.5c..4.a.5E..4b..4...4.o.5...4.o.5c..4.ou4c..4b..4c..4.o.5c..4Richb..4................PE..L....}.c.........."!..."..................................................................@.....................................,....`...................#...p...b..8Y..p....................Y......xX..@...............<............................text...6........................... ..`.rdata..X...........................@..@.data...."...0......................@....rsrc........`.......&..............@..@.reloc...b...p...d..................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Windows\Installer\MSID411.tmp

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):570784
                                                                                                                                                                              Entropy (8bit):6.45015034296188
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6144:j+Sud3L4YgAc8wjVMeKRtGnm3CCRloVywX9gDAOJVafv5khoJQCmR+:j+SuPgAc8+MjGCCslegDTwX5/OCmR+
                                                                                                                                                                              MD5:2C9C51AC508570303C6D46C0571EA3A1
                                                                                                                                                                              SHA1:E3E0FE08FA11A43C8BCA533F212BDF0704C726D5
                                                                                                                                                                              SHA-256:FF86C76A8D5846B3A1AD58FF2FD8E5A06A84EB5899CDEE98E59C548D33335550
                                                                                                                                                                              SHA-512:DF5F1DEF5AAC44F39A2DFDE9C6C73F15F83A7374B4AD42B67E425CCB7AC99A64C5701B676AE46D2F7167A04A955158031A839E7878D100AAF8FAB0CE2059F127
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......&r.gb..4b..4b..4.a.5o..4.a.5...4-o.5s..4-o.5z..4-o.5(..4.a.5{..4.a.5c..4.a.5E..4b..4...4.o.5...4.o.5c..4.ou4c..4b..4c..4.o.5c..4Richb..4................PE..L....}.c.........."!..."..................................................................@.....................................,....`...................#...p...b..8Y..p....................Y......xX..@...............<............................text...6........................... ..`.rdata..X...........................@..@.data...."...0......................@....rsrc........`.......&..............@..@.reloc...b...p...d..................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Windows\Installer\MSID441.tmp

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):722336
                                                                                                                                                                              Entropy (8bit):6.433493638608556
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12288:xDCGkZjiIiS4fZrmrRahiyN+bqpoMU0Z/4CwwEjD4JyVzIXy9e550L96RgO5uh:x7kZVI+ep5U2fvEjD4wzIXP50L96RX5u
                                                                                                                                                                              MD5:E361F7BFAAC80FF5BAC709905D6B1A16
                                                                                                                                                                              SHA1:724D294983509FD37CF282403E25F26890FBFC8F
                                                                                                                                                                              SHA-256:44CFE8ECE8A14C06BC0C953176680623E802769B921F39B86647B541EF1EB06D
                                                                                                                                                                              SHA-512:47B7D7BEB22484B67F05A3DBF28F78E3C55F1FF07204EAC613E6912F82C713E4E8622D5F40A6A04731F6A9E0E5AB15E05B132493A4B06F882532A470A4BDDEDF
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......m..D)...)...).......$...........f...8...f...1.......0...f...t.......(.......>...)...F.......a.......(.....*.(...).B.(.......(...Rich)...........................PE..L...S~.c.........."!..."..................................................... ............@.........................@M......\N..........h................#.......o..8@..p....................@..........@....................K..@....................text...|........................... ..`.rdata..Bb.......d..................@..@.data....'...p.......V..............@....rsrc...h............l..............@..@.reloc...o.......p...r..............@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Windows\Installer\MSID4AF.tmp

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):722336
                                                                                                                                                                              Entropy (8bit):6.433493638608556
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12288:xDCGkZjiIiS4fZrmrRahiyN+bqpoMU0Z/4CwwEjD4JyVzIXy9e550L96RgO5uh:x7kZVI+ep5U2fvEjD4wzIXP50L96RX5u
                                                                                                                                                                              MD5:E361F7BFAAC80FF5BAC709905D6B1A16
                                                                                                                                                                              SHA1:724D294983509FD37CF282403E25F26890FBFC8F
                                                                                                                                                                              SHA-256:44CFE8ECE8A14C06BC0C953176680623E802769B921F39B86647B541EF1EB06D
                                                                                                                                                                              SHA-512:47B7D7BEB22484B67F05A3DBF28F78E3C55F1FF07204EAC613E6912F82C713E4E8622D5F40A6A04731F6A9E0E5AB15E05B132493A4B06F882532A470A4BDDEDF
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......m..D)...)...).......$...........f...8...f...1.......0...f...t.......(.......>...)...F.......a.......(.....*.(...).B.(.......(...Rich)...........................PE..L...S~.c.........."!..."..................................................... ............@.........................@M......\N..........h................#.......o..8@..p....................@..........@....................K..@....................text...|........................... ..`.rdata..Bb.......d..................@..@.data....'...p.......V..............@....rsrc...h............l..............@..@.reloc...o.......p...r..............@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Windows\Installer\MSID6A4.tmp

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):6013574
                                                                                                                                                                              Entropy (8bit):6.476539256823272
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:49152:ga2YBPaUF5loCKDNa2YBPaUF5loCKDpa2YBPaUF5loCKD/a2YBPaUF5loCKDFa2G:VaUFaUBaUFaUNaUeaU6aUwxYwI
                                                                                                                                                                              MD5:A982C6C9A89DBA38A824010EF740F669
                                                                                                                                                                              SHA1:7FEC679BA82076C1A1F0BF00BB9598ED7C20AEEE
                                                                                                                                                                              SHA-256:8D0C08BF564D01390A110E9008509836BA4A24AC85689131F7EF0ACF5A755D9B
                                                                                                                                                                              SHA-512:983E1B9A195EF286432A917C83E3A6F31816B7E63A27A75A4D4060FD6A0B3ACE1953310F3DE25F065F7DBFED561C71598BCE7AA92ABAFC91103926A8DE37BF65
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:...@IXOS.@.....@.f^Y.@.....@.....@.....@.....@.....@......&.{AFBC5F3E-A4BA-45F5-AD51-E866312F779E}..PC Privacy Shield..PCPrivacyShield.msi.@.....@.....@.....@......icon_1.exe..&.{60A2DEFC-2BD6-42B1-90C4-2BEB1CFB0618}.....@.....@.....@.....@.......@.....@.....@.......@......PC Privacy Shield......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration...@:....@.....@.]....&.{8440EFAC-09F5-41A9-AD93-B64FE313D3FE}9.01:\Software\ShieldApps\PC Privacy Shield\AI_SETUPEXEPATH.@.......@.....@.....@......&.{F53DF7FF-AE19-43FE-A51C-30070961E070}).C:\Program Files (x86)\PC Privacy Shield\.@.......@.....@.....@......&.{BF94B3BE-2662-424A-AED9-D095D9D60DDA}0.01:\Software\ShieldApps\PC Privacy Shield\Params.@.......@.....@.....@......&.{AC60A957-0343-4281-9746-2B02FD454C86}5.C:\Program Files (x86)\PC Privacy Shield\CaByp.CA.dll.@.......@.....@.....@......&.{935FC1DB-055A-428A-8608-6C82AFB5D086}1.01:\Sof

                                                                                                                                                                              C:\Windows\Installer\MSID84B.tmp

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):739232
                                                                                                                                                                              Entropy (8bit):6.502710276384539
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12288:TTe5DtNZIsHPnK2VaSFeFa8YAZaEYh6R6swGvt5loCKDQ:TCjjPK2YSFefHajh6F5loCKDQ
                                                                                                                                                                              MD5:9B81778929C658EA907B7618F483BEB1
                                                                                                                                                                              SHA1:646E84B1EE486C071F5B2CF816C96443C8FA3979
                                                                                                                                                                              SHA-256:A326781B82AE171A4C5615765E69D35339011CABD1BF028B78D5B86019035C73
                                                                                                                                                                              SHA-512:D415BB350A5525486F8D814971611A69D5A4E2B223037E61867450427CB22E05B9AEC26F3B01A5295DF9E505E7E29A0EC45B6C79394A8C1E9E2F8DB4C75DEA1A
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......).c+mx.xmx.xmx.x...y`x.x...y.x.x"..y|x.x"..yux.x"..y5x.x...yzx.x...y|x.xmx.xNy.x...y>x.x...ylx.x...xlx.xmx.xlx.x...ylx.xRichmx.x........................PE..L...y~.c.........."!...".`...................p...............................`......._....@.........................P.......4........................$...#......`l......p...........................X...@............p..@.......`....................text....^.......`.................. ..`.rdata.. 2...p...4...d..............@..@.data...T(..........................@....rsrc...............................@..@.reloc..`l.......n..................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Windows\Installer\MSID86B.tmp

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):739232
                                                                                                                                                                              Entropy (8bit):6.502710276384539
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12288:TTe5DtNZIsHPnK2VaSFeFa8YAZaEYh6R6swGvt5loCKDQ:TCjjPK2YSFefHajh6F5loCKDQ
                                                                                                                                                                              MD5:9B81778929C658EA907B7618F483BEB1
                                                                                                                                                                              SHA1:646E84B1EE486C071F5B2CF816C96443C8FA3979
                                                                                                                                                                              SHA-256:A326781B82AE171A4C5615765E69D35339011CABD1BF028B78D5B86019035C73
                                                                                                                                                                              SHA-512:D415BB350A5525486F8D814971611A69D5A4E2B223037E61867450427CB22E05B9AEC26F3B01A5295DF9E505E7E29A0EC45B6C79394A8C1E9E2F8DB4C75DEA1A
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......).c+mx.xmx.xmx.x...y`x.x...y.x.x"..y|x.x"..yux.x"..y5x.x...yzx.x...y|x.xmx.xNy.x...y>x.x...ylx.x...xlx.xmx.xlx.x...ylx.xRichmx.x........................PE..L...y~.c.........."!...".`...................p...............................`......._....@.........................P.......4........................$...#......`l......p...........................X...@............p..@.......`....................text....^.......`.................. ..`.rdata.. 2...p...4...d..............@..@.data...T(..........................@....rsrc...............................@..@.reloc..`l.......n..................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Windows\Installer\MSID966.tmp

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):339872
                                                                                                                                                                              Entropy (8bit):6.510807314703202
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6144:20db8ujPNTpkVGfwsLAO3P6xjxWxzG5v:hdb8ujPN0nsLRPKxWxzG5v
                                                                                                                                                                              MD5:080CC38F68DDD4B9958338786BAAC5E3
                                                                                                                                                                              SHA1:567CBBE72BE587AA5D4021240E0D1E76B81C098E
                                                                                                                                                                              SHA-256:B164D00D5D2234625D979DA0F1A4EFEF73D7B40000DA5D493AAEFD817AD086B1
                                                                                                                                                                              SHA-512:55F7EB841FDC1051A9D2100F9E4620655EA9A4CA6FD50FB2840D39B1F4177281BA2D492BD6E107F1E6DE7119A760192D62E5959BA27F7812DE41425875F0C129
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......r..6..6..6.....;........y..9..y..!..y..d...........'..6........-.....7....3.7..6.[.7.....7..Rich6..........PE..L...D~.c.........."!...".p...................................................@............@.................................H...........x................#.......3..0L..p....................L......pK..@...............(............................text....o.......p.................. ..`.rdata...O.......P...t..............@..@.data...............................@....rsrc...x...........................@..@.reloc...3.......4..................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Windows\Installer\MSIDAFD.tmp

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):739232
                                                                                                                                                                              Entropy (8bit):6.502710276384539
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12288:TTe5DtNZIsHPnK2VaSFeFa8YAZaEYh6R6swGvt5loCKDQ:TCjjPK2YSFefHajh6F5loCKDQ
                                                                                                                                                                              MD5:9B81778929C658EA907B7618F483BEB1
                                                                                                                                                                              SHA1:646E84B1EE486C071F5B2CF816C96443C8FA3979
                                                                                                                                                                              SHA-256:A326781B82AE171A4C5615765E69D35339011CABD1BF028B78D5B86019035C73
                                                                                                                                                                              SHA-512:D415BB350A5525486F8D814971611A69D5A4E2B223037E61867450427CB22E05B9AEC26F3B01A5295DF9E505E7E29A0EC45B6C79394A8C1E9E2F8DB4C75DEA1A
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......).c+mx.xmx.xmx.x...y`x.x...y.x.x"..y|x.x"..yux.x"..y5x.x...yzx.x...y|x.xmx.xNy.x...y>x.x...ylx.x...xlx.xmx.xlx.x...ylx.xRichmx.x........................PE..L...y~.c.........."!...".`...................p...............................`......._....@.........................P.......4........................$...#......`l......p...........................X...@............p..@.......`....................text....^.......`.................. ..`.rdata.. 2...p...4...d..............@..@.data...T(..........................@....rsrc...............................@..@.reloc..`l.......n..................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Windows\Installer\MSIDB5C.tmp

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):739232
                                                                                                                                                                              Entropy (8bit):6.502710276384539
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12288:TTe5DtNZIsHPnK2VaSFeFa8YAZaEYh6R6swGvt5loCKDQ:TCjjPK2YSFefHajh6F5loCKDQ
                                                                                                                                                                              MD5:9B81778929C658EA907B7618F483BEB1
                                                                                                                                                                              SHA1:646E84B1EE486C071F5B2CF816C96443C8FA3979
                                                                                                                                                                              SHA-256:A326781B82AE171A4C5615765E69D35339011CABD1BF028B78D5B86019035C73
                                                                                                                                                                              SHA-512:D415BB350A5525486F8D814971611A69D5A4E2B223037E61867450427CB22E05B9AEC26F3B01A5295DF9E505E7E29A0EC45B6C79394A8C1E9E2F8DB4C75DEA1A
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......).c+mx.xmx.xmx.x...y`x.x...y.x.x"..y|x.x"..yux.x"..y5x.x...yzx.x...y|x.xmx.xNy.x...y>x.x...ylx.x...xlx.xmx.xlx.x...ylx.xRichmx.x........................PE..L...y~.c.........."!...".`...................p...............................`......._....@.........................P.......4........................$...#......`l......p...........................X...@............p..@.......`....................text....^.......`.................. ..`.rdata.. 2...p...4...d..............@..@.data...T(..........................@....rsrc...............................@..@.reloc..`l.......n..................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Windows\Installer\MSIE485.tmp

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):339872
                                                                                                                                                                              Entropy (8bit):6.510807314703202
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6144:20db8ujPNTpkVGfwsLAO3P6xjxWxzG5v:hdb8ujPN0nsLRPKxWxzG5v
                                                                                                                                                                              MD5:080CC38F68DDD4B9958338786BAAC5E3
                                                                                                                                                                              SHA1:567CBBE72BE587AA5D4021240E0D1E76B81C098E
                                                                                                                                                                              SHA-256:B164D00D5D2234625D979DA0F1A4EFEF73D7B40000DA5D493AAEFD817AD086B1
                                                                                                                                                                              SHA-512:55F7EB841FDC1051A9D2100F9E4620655EA9A4CA6FD50FB2840D39B1F4177281BA2D492BD6E107F1E6DE7119A760192D62E5959BA27F7812DE41425875F0C129
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......r..6..6..6.....;........y..9..y..!..y..d...........'..6........-.....7....3.7..6.[.7.....7..Rich6..........PE..L...D~.c.........."!...".p...................................................@............@.................................H...........x................#.......3..0L..p....................L......pK..@...............(............................text....o.......p.................. ..`.rdata...O.......P...t..............@..@.data...............................@....rsrc...x...........................@..@.reloc...3.......4..................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Windows\Installer\SourceHash{AFBC5F3E-A4BA-45F5-AD51-E866312F779E}

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):24576
                                                                                                                                                                              Entropy (8bit):2.601935353676148
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:96:GI8j3jQkVhJJAQFjvd2VJULKeAIJfQeC/reg3nS9l9ln:GIsjrJAkMJU+nml
                                                                                                                                                                              MD5:65980852B2F93D6617F0A1B6CC1AB15B
                                                                                                                                                                              SHA1:6012FCFF61369D67908915D5FC0FA8EE49CCBB4F
                                                                                                                                                                              SHA-256:56D40E30F834CD810F3A23126A6B2EFDE31CC0164EF5ECC74F73A7371EA0E5DA
                                                                                                                                                                              SHA-512:BAA7A81395E7BF0615DEAB748AD39A2DFED2AC4E55762CA84B06A188C21601D8AA9AD30A722CE092B6BD2885A3C0C609F8ADFFCB4B5C4C2EE4D73F72BFFABE2C
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Windows\Installer\inprogressinstallinfo.ipi

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):20480
                                                                                                                                                                              Entropy (8bit):1.81337119446672
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:96:1hn1fnTdBh6LTqRCJhGONJKVQwkqRCJnNX:f1/HaGOOo
                                                                                                                                                                              MD5:F5FEA34C5FD4620A498135D9A3BF1EF5
                                                                                                                                                                              SHA1:3A068ABA375A1BFF585D9F20877C65B03A072BDD
                                                                                                                                                                              SHA-256:1F6992726B01C4F32E278DEE902D2D72BDF858D1FC521623B081D8414BC74C66
                                                                                                                                                                              SHA-512:8DB9147774BC9634DBA4EF320387524FB7548E4D4AB623F578C60BD26AB654A383205D6352B3509CEBD09FFA57833540542E76A28134160B20FE8F68E8A0F6F3
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Windows\Installer\{AFBC5F3E-A4BA-45F5-AD51-E866312F779E}\SystemFoldermsiexec.exe

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:MS Windows icon resource - 8 icons, 32x32, 16 colors, 4 bits/pixel, 24x24, 16 colors, 4 bits/pixel
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):14534
                                                                                                                                                                              Entropy (8bit):5.08612958031438
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:gWiXwlNwH5AxLV1th7743rsl0rMeaJ/1Nc6keo0/waIkllDh2syOqniTJ8Q:gWd7wqRGYlEMe6/3NkmIkR2syOqi1X
                                                                                                                                                                              MD5:C2649AD15118FD46780D6FCBC38447D0
                                                                                                                                                                              SHA1:F32EFACB590F5028A9F5DA7236CC74086A3C87EC
                                                                                                                                                                              SHA-256:F0F4D5BF1DE9D2463031520AFF51FEB1E7D432ECEA447534A91CBBD79832AC89
                                                                                                                                                                              SHA-512:322EA628ED541713457248341B2CD0A95B6DD3661C9E1E4A22285368872A1B2A89808E272E2A6195B34FD47BD02C33AA893D0C324FBE35E4D65C5E5F401A81AE
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:...... ..........................n... ..........V...........................h....... .... ............... ......*........ .h...^4..(... ...@.....................................................................................................................................................................................................................................ww.w............fg.fh...........fg.fg..........x.x.............f....v..........fx...fo.........fo...f..........w....f...........................w..w............wx.w.....................................................................................................................................................................................................................................?...?...?...?...?...?...?...?...?...?...?...?...............................................................?....(.......0........... .....................................................................................................

                                                                                                                                                                              C:\Windows\Installer\{AFBC5F3E-A4BA-45F5-AD51-E866312F779E}\icon_1.exe

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:MS Windows icon resource - 9 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):121083
                                                                                                                                                                              Entropy (8bit):3.0096941539714535
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:768:jYpmlJ+JkdO9mYQe94fNAnn4cjtRb9CxnaiPnbrH/xKZRsvdr5VtY:89JKYl94fNAn4cjEx/brH/xKZRWrtY
                                                                                                                                                                              MD5:616516A5878EBA90356E14819A1C8A4E
                                                                                                                                                                              SHA1:6C1A98C96E12C207B453AB0854326AA4C5FFEF8E
                                                                                                                                                                              SHA-256:7037B03540350AD23923594861A059AA5D863AF86E5180A0DD74A9F1B6ECB3ED
                                                                                                                                                                              SHA-512:7903357B15069FF4C70C88DF82E26CFDC571945E68FDC11EB445B600A7209F50A7DDD0894B3B0FFB06921DDEC09FE7EED2BBC9888B1221124DAEED31AEC706E1
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:............ ..(............ .(...K)..@@.... .(B..s1..00.... ..%...s..((.... .h...C... .... ............... .....S......... ............... .h........PNG........IHDR.............\r.f..(|IDATx..}`.U..?gv...RJ/-*../...*.....jK.]@D..b..,.......U..E.J.$.;UQi.B....-.*.^.~-xU.\...M......H..;..l....g2s..9gwv.s^.G!D...<|...x.f..aIV....\...S..]f..8a.@...Pa.@(..]kc..f-5..h...N}....t......^..v..... ..F...cq.{.....@...'?...@..1......]G!8D..B...P.j.......{.Y.^........O...@(.Q...aD.T...t....;W.(x.9.....h.6@_..5..e.;.n#.;...!....}.+.jU...]..FU...6.~8t..w.n..m..X......gMs..F..... ..F..8c......'.|....I>......8.......\..=. .sn0......co...?x..}...U....A.. D.Q.!s._.P.....G_.Zu....x..:..k...z...R........Q.i...W...\.N..\.../;...6.P....!...c...c.'.........n..q......@.....d..........F..=..m.}.....#.kD..B...Pf.\.xu...\`..}f..@k.....:/..|9.e....._....n.M.u.@.w.r.}_.YkPnD..B....0...[...+.=*i....}.@.......`.Esw.Y......TU}.@.>b...3....y}.@WsbS...h.....#..Dl.>l.{......o.

                                                                                                                                                                              C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):432221
                                                                                                                                                                              Entropy (8bit):5.375174468679489
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26KgauK:zTtbmkExhMJCIpErf
                                                                                                                                                                              MD5:5CA82716C3E8A406AF44A5AEE2567AE4
                                                                                                                                                                              SHA1:45E765F6413C23A6235E90FCC06D9B2B6770C394
                                                                                                                                                                              SHA-256:C2CFCB1F3E54EB1ADA581C4C0F2AC9F71945B33AB007F3C818EE058C1E056F2D
                                                                                                                                                                              SHA-512:B5DF3AF946DB5D3B53C9B4EEF0985193660110E7EC0344A84DA50DE14E21CFD3DC7B53326AE8BBB7B479A532529822AF4C3EC899AE0317B1A0D1E6BC217F6EAB
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [

                                                                                                                                                                              C:\Windows\Temp\~DF173C80D9DDF22ED7.TMP

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):512
                                                                                                                                                                              Entropy (8bit):0.0
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3::
                                                                                                                                                                              MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                              SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                              SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                              SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Windows\Temp\~DF18D50AD3F4E7DE3E.TMP

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):32768
                                                                                                                                                                              Entropy (8bit):1.3341280688105785
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:96:19lncax3jQkVhJJAQFjvd2VJULKeAIJfQeC/reg3nS:1caxjrJAkMJU+n
                                                                                                                                                                              MD5:52C23A58F7801684DB35767A626B9B5A
                                                                                                                                                                              SHA1:95CEFADCE65935B0C34FB6D6DED59AF3347D7440
                                                                                                                                                                              SHA-256:60B23D5162A618ADD755201AF3C9E736C1B00E3CDACBD841CB932DCBD47C6B0A
                                                                                                                                                                              SHA-512:C7821CF3F3D8EC571C58D14A0D9F01EA8424BD6D8CEBEDA6D5AC6A67F24E682E0B057C4E25092F8D768C2E58A08517F2AFAB7BD06928C1209474226638263816
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Windows\Temp\~DF4BA3D91FBA5C65F1.TMP

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):32768
                                                                                                                                                                              Entropy (8bit):1.4334221280316073
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:96:g/N3TLaBh6LTqRCJhGONJKVQwkqRCJnNX:AN3fwaGOOo
                                                                                                                                                                              MD5:EB5A2F328BD14A05905B4B6E63809FA9
                                                                                                                                                                              SHA1:A5381B6F0F1C929AF8DD6F5723C69A3F9541F033
                                                                                                                                                                              SHA-256:9C327515995095E574C329C80727751153580CF55C39CE19DF310F49C10FF43A
                                                                                                                                                                              SHA-512:483928E2507733A043E2D27C15E8029E5C7AFAC198B18EF2B47C848FEF9DCA9D5262848888CE4B175BE5798C5A7FBF393F5118AD6C0222D2CBE49FDA743741D1
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Windows\Temp\~DF69968D1EFA1C8FF3.TMP

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):512
                                                                                                                                                                              Entropy (8bit):0.0
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3::
                                                                                                                                                                              MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                              SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                              SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                              SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Windows\Temp\~DF71D1A03631C877EF.TMP

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):20480
                                                                                                                                                                              Entropy (8bit):1.81337119446672
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:96:1hn1fnTdBh6LTqRCJhGONJKVQwkqRCJnNX:f1/HaGOOo
                                                                                                                                                                              MD5:F5FEA34C5FD4620A498135D9A3BF1EF5
                                                                                                                                                                              SHA1:3A068ABA375A1BFF585D9F20877C65B03A072BDD
                                                                                                                                                                              SHA-256:1F6992726B01C4F32E278DEE902D2D72BDF858D1FC521623B081D8414BC74C66
                                                                                                                                                                              SHA-512:8DB9147774BC9634DBA4EF320387524FB7548E4D4AB623F578C60BD26AB654A383205D6352B3509CEBD09FFA57833540542E76A28134160B20FE8F68E8A0F6F3
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Windows\Temp\~DF91A8F0FB9E1BC312.TMP

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):32768
                                                                                                                                                                              Entropy (8bit):1.4334221280316073
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:96:g/N3TLaBh6LTqRCJhGONJKVQwkqRCJnNX:AN3fwaGOOo
                                                                                                                                                                              MD5:EB5A2F328BD14A05905B4B6E63809FA9
                                                                                                                                                                              SHA1:A5381B6F0F1C929AF8DD6F5723C69A3F9541F033
                                                                                                                                                                              SHA-256:9C327515995095E574C329C80727751153580CF55C39CE19DF310F49C10FF43A
                                                                                                                                                                              SHA-512:483928E2507733A043E2D27C15E8029E5C7AFAC198B18EF2B47C848FEF9DCA9D5262848888CE4B175BE5798C5A7FBF393F5118AD6C0222D2CBE49FDA743741D1
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Windows\Temp\~DF92DD1C16D5189518.TMP

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):512
                                                                                                                                                                              Entropy (8bit):0.0
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3::
                                                                                                                                                                              MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                              SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                              SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                              SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Windows\Temp\~DFA5CDC44137AD86B2.TMP

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):512
                                                                                                                                                                              Entropy (8bit):0.0
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3::
                                                                                                                                                                              MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                              SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                              SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                              SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Windows\Temp\~DFB2609D67E43D3DC8.TMP

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):512
                                                                                                                                                                              Entropy (8bit):0.0
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3::
                                                                                                                                                                              MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                              SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                              SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                              SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Windows\Temp\~DFD811F4846B019F8B.TMP

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):73728
                                                                                                                                                                              Entropy (8bit):0.2309368525117486
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:48:RSiD5T4dnpAEkrCyinSkdn7cVodnpAEkrCyihGOSkdnJEcVVaZJrEAwRZwPDFDqy:bGqRCJnNNqRCJhGONJKVQwkXXhu
                                                                                                                                                                              MD5:E833C92F69A12D3199945DFB200C174F
                                                                                                                                                                              SHA1:D23B38A8F67E7FCF7298D820BC60B7BCF32479F9
                                                                                                                                                                              SHA-256:343129C83D115B93B14AA4EA63089767E9AEF7CF7BCC5AF29D108D189F9CD2F6
                                                                                                                                                                              SHA-512:097009E4513E219CB7E11A78C4493036916C3DD5FE20C439E4ACD8D491EBDACFA10F0A77784ED854F6BCBEBEFA827140333016633D974985619087EEFBA5E7F2
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Windows\Temp\~DFF2CB425510FD4329.TMP

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):20480
                                                                                                                                                                              Entropy (8bit):1.81337119446672
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:96:1hn1fnTdBh6LTqRCJhGONJKVQwkqRCJnNX:f1/HaGOOo
                                                                                                                                                                              MD5:F5FEA34C5FD4620A498135D9A3BF1EF5
                                                                                                                                                                              SHA1:3A068ABA375A1BFF585D9F20877C65B03A072BDD
                                                                                                                                                                              SHA-256:1F6992726B01C4F32E278DEE902D2D72BDF858D1FC521623B081D8414BC74C66
                                                                                                                                                                              SHA-512:8DB9147774BC9634DBA4EF320387524FB7548E4D4AB623F578C60BD26AB654A383205D6352B3509CEBD09FFA57833540542E76A28134160B20FE8F68E8A0F6F3
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Windows\Temp\~DFF7C333F348959322.TMP

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):32768
                                                                                                                                                                              Entropy (8bit):1.4334221280316073
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:96:g/N3TLaBh6LTqRCJhGONJKVQwkqRCJnNX:AN3fwaGOOo
                                                                                                                                                                              MD5:EB5A2F328BD14A05905B4B6E63809FA9
                                                                                                                                                                              SHA1:A5381B6F0F1C929AF8DD6F5723C69A3F9541F033
                                                                                                                                                                              SHA-256:9C327515995095E574C329C80727751153580CF55C39CE19DF310F49C10FF43A
                                                                                                                                                                              SHA-512:483928E2507733A043E2D27C15E8029E5C7AFAC198B18EF2B47C848FEF9DCA9D5262848888CE4B175BE5798C5A7FBF393F5118AD6C0222D2CBE49FDA743741D1
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              Chrome Cache Entry: 366

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              File Type:Web Open Font Format (Version 2), TrueType, length 18536, version 1.0
                                                                                                                                                                              Category:downloaded
                                                                                                                                                                              Size (bytes):18536
                                                                                                                                                                              Entropy (8bit):7.986571198050597
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:384:IhocXmE6eM871P7td/mcOKA454H2orQEONKrOqxw:f6WeL1P//9D54WCCKc
                                                                                                                                                                              MD5:8EFF0B8045FD1959E117F85654AE7770
                                                                                                                                                                              SHA1:227FEE13CEB7C410B5C0BB8000258B6643CB6255
                                                                                                                                                                              SHA-256:89978E658E840B927DDDB5CB3A835C7D8526ECE79933BD9F3096B301FE1A8571
                                                                                                                                                                              SHA-512:2E4FB65CAAB06F02E341E9BA4FB217D682338881DABA3518A0DF8DF724E0496E1AF613DB8E2F65B42B9E82703BA58916B5F5ABB68C807C78A88577030A6C2058
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              URL:https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2
                                                                                                                                                                              Preview:wOF2......Hh..........H..............................Z..|.`..J.T..<.....H..U..Z...x.6.$..0. ..t. ..I....p.0.VU.......1....AQ...d..x.....R..4.-.c..C$fUc.c..IX..@..~g.xs.....%...O...eJ.w..U.|.......%*..{.......U+..T#.S......`.n.....V.w.4..~P"..zk.%..../........=3...F.........V.FL..;Bc.........A.Uk.U1.b!Y.BH.DL...s.s...F.m.9a..GJ..1..#.`*m5..DI..X5#.........B.Akm.....&..0...{.L.....G......-(.......O4.@3....=......f..l...$.....j..NO...e.Y.tJ2J>F.(.c....08..e...~....D2S7s:.G'Gm........!.7.........r.c.`,.....~.).......c>1.......Y.g2^...T-1.7./r./....>...g.ov@u.?.U.+._...'M..,.,g....!g..9."..yBF.#r+.Ps...%.d=....U...5.b.$:`.4R.II.<A....Q)....e...k.....M.8.z....+.....5}..F........F.d._...].~-](.Lf....Y..W....;-z...;. .@x._v../.%UIm....=s...P.C....G...^..Q.!g.!b._.P....at..?.}....t.z...O(..Y6..R.2.X....k.R..K.gw(.F.K?m..R*...7....dj..7. .r.U..be.4......8.].w.B..B......Y..:..8.N..U...NEm...\.^q..f}.......{..6.". ...y-.Y...N.*+.M E..`......R.$T

                                                                                                                                                                              Chrome Cache Entry: 367

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (8856), with CRLF, LF line terminators
                                                                                                                                                                              Category:downloaded
                                                                                                                                                                              Size (bytes):65343
                                                                                                                                                                              Entropy (8bit):5.349555847967283
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:768:+0tZdapzv4FpZx9ODh/lLo1pHtFwXbsT4g+AiFq7i9C5hDrk+t8d9:JapT4Fvx2/lLJsTHy9C5hDYrd9
                                                                                                                                                                              MD5:25778FB606DC70F2DA32D429F44C2511
                                                                                                                                                                              SHA1:99D83A30ADEEC07C7B81F87F5802A69EC1060954
                                                                                                                                                                              SHA-256:8A51DE3C9DC8D4E4256C3D73B806B46B9109FD0FC3A782926CD9FEE0A24F5E4F
                                                                                                                                                                              SHA-512:7F19857FC6126A7BBC72560D6B819850C63EE61F33F06B458FA67CA9D2697E0EC935BDCC0217AC54B52AC2B83F1FB7E0013F65EDE8B002B452D7864A36F3F63B
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              URL:https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=
                                                                                                                                                                              Preview:<!DOCTYPE html>.<html dir="ltr" lang="en-US" prefix="og: https://ogp.me/ns#">.<head>.<meta charset="UTF-8">.<meta name="viewport" content="width=device-width, initial-scale=1">.<link rel="profile" href="https://gmpg.org/xfn/11">.<link rel="pingback" href="https://shieldapps.com/xmlrpc.php">.<link rel="icon" type="image/png" href="https://shieldapps.com//favicon.png" />..<title>PC Privacy Shield - successful installation | ShieldApps</title>.... All in One SEO 4.6.6 - aioseo.com -->...<meta name="robots" content="max-image-preview:large" />...<link rel="canonical" href="https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/" />...<meta name="generator" content="All in One SEO (AIOSEO) 4.6.6" />...<meta property="og:locale" content="en_US" />...<meta property="og:site_name" content="ShieldApps | Security, privacy and performance software" />...<meta property="og:type" content="article" />...<meta property="og:title" content="PC Privacy Shield - successful inst

                                                                                                                                                                              Chrome Cache Entry: 368

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              File Type:gzip compressed data, from Unix, original size modulo 2^32 5488
                                                                                                                                                                              Category:downloaded
                                                                                                                                                                              Size (bytes):2292
                                                                                                                                                                              Entropy (8bit):7.910393209647622
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:48:XiCd4wMPXX/XZp+Z5g4tZBwzM4BL6KdSGt0Us5CUAxw4myk8xj:SnwMfX/XsXx49IGthEpAKbyXxj
                                                                                                                                                                              MD5:D2E1A7F9BFC0DF40ECACDD8D4D1A5331
                                                                                                                                                                              SHA1:F07090F2D86C7D776B35841B800AB5E29CFBE178
                                                                                                                                                                              SHA-256:8F5F735989E1CBA67F9F1D960CEE3C93E1F3924F5843AA2C198AB435C73D742C
                                                                                                                                                                              SHA-512:83C6644B99B78B6D8FE013622A4905584447223E92A35DE876BE20E626FBD445AC4738AA08EA502F2E9B448FB9CDE707D4B354A1EDA312528BCF8AD85F22880E
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              URL:https://shieldapps.com/wp-content/themes/shield-apps2/js/bootstrap.min.js?ver=6.6.2
                                                                                                                                                                              Preview:...........Rks.6..._As.,......F*....w.d....^o.".D8.....W....>$RQ:.g,.>.=..3........x.\E..~...H..j<.,....O...Wf.h."....ht...E...=X.....U..A..:...p3.A]@U>/g.o..fn..1..f6XJ.P..o^].~w.F.>.lP3..h...\..".9t.*.7K..........\.L|3..Y...oF2..B....%.\-"'.8.(......I.E.]..N.V..9...s.!....+0......#..5......ZcI._....S.....,.Z*.......WF.O7q. .6..x..6...\.._C5w.By.G1.../. H.0...$.......!.$.....d..};.nC...?K9Z.uH7...|.....`.Y..<..|....".;...>.m.....X........d.G7A.-<.I..<.^.x.x*.A."..r.....f.......O.O........G.o...eR..^t..0...*...nO..<PJU.b."...3.].........;B.Ti.v-.$q|%..P.>.........~w`.n*M>....=....J.7.^.G.f....0nz.*.;..gE$..,.:.VGE:..w'..D.k.F......9.=<..Y....1.2.yO].W.|x...ME......;..!I.Hl.7e.;/....2.....NO.Y......B...........t.&.....7.E|./...=;}.....)........!....7.M{...p.*".F..`.j|6d.....^..M.d+..`.n....^.~...j.r......\@.Y..K.t...Os.<.*..&......kY,.........<.3......,../.....%......+....n....[......$.).M.$.$.[..s..L.~.p..p......u....{.ay.3..J

                                                                                                                                                                              Chrome Cache Entry: 369

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              File Type:ASCII text, with very long lines (64566), with no line terminators
                                                                                                                                                                              Category:downloaded
                                                                                                                                                                              Size (bytes):64566
                                                                                                                                                                              Entropy (8bit):4.861816621595226
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:384:E14BFHaHTyuQ96iX+pWrRN8PsK5mcrbeX2Lvpzezg:C4BFHaHTyus/upWrknrba2Lvp/
                                                                                                                                                                              MD5:7A317F488E00074D91B314142E74D95B
                                                                                                                                                                              SHA1:77125DB1BD891824B47E40E552379E5EB12413B2
                                                                                                                                                                              SHA-256:AD38FA7253A064B84D20B1185E719688B1D36E5151E8987EEE8C2717EBAF10FE
                                                                                                                                                                              SHA-512:AF1F6AE8414D9FBC3E2B53AB80114670C845B6A7BE5A5CE290AFCE183344BD69D127CABBC3925FDC4D818810228335F8182D1BE1546DE9EC3EADB1B7962F4861
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              URL:https://shieldapps.com/wp-content/plugins/formcraft3/dist/form.css?ver=3.8.24
                                                                                                                                                                              Preview:@-webkit-keyframes loadAnimate{0%{-webkit-transform:rotate(0);transform:rotate(0)}100%{-webkit-transform:rotate(360deg);transform:rotate(360deg)}}@keyframes loadAnimate{0%{-webkit-transform:rotate(0);transform:rotate(0)}100%{-webkit-transform:rotate(360deg);transform:rotate(360deg)}}html .powered-by-slide{position:absolute;bottom:0;left:12px}html .pre-populate-data{display:none}#fc-form-preview{position:fixed;top:12px;left:10px;padding:9px 14px 8px 14px;color:#555;border-radius:2px;background-color:#fff;box-shadow:0 0 0 .5px rgba(0,20,40,.1),0 2px 8px 0 rgba(50,55,90,.2);z-index:999;font-size:95%}.fc-form-tip-cover{position:fixed;top:58px;left:10px;color:#555;border-radius:2px;font-size:95%}.fc-form-tip{display:block;max-width:300px;padding:9px 14px 8px 14px;color:#555;border-radius:2px;background-color:#fff;box-shadow:0 0 0 .5px rgba(0,20,40,.1),0 2px 8px 0 rgba(50,55,90,.2);z-index:999}.formcraft-css .rtl,.rtl .formcraft-css{direction:rtl}.formcraft-css .rtl .fc-pagination .page-name

                                                                                                                                                                              Chrome Cache Entry: 370

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              File Type:HTML document, ASCII text, with very long lines (815)
                                                                                                                                                                              Category:downloaded
                                                                                                                                                                              Size (bytes):3501
                                                                                                                                                                              Entropy (8bit):5.383873370647921
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:96:EI5cZUiKliCJ86U+QTEVWfeLwTauSEegdkZ5edOIC:EI5hiWNJ8kQTEVWfeUauRfdkZ5edO1
                                                                                                                                                                              MD5:147FD3B00C22BA9C939712E9213C24CA
                                                                                                                                                                              SHA1:3B48369B86FA0574F35379AACD1F42CC9C98A52B
                                                                                                                                                                              SHA-256:70F5B11C1870CF90201A6D5F770CA318A3FA5827C74A8765EDE22B487F7D4532
                                                                                                                                                                              SHA-512:E8419A71232EDAC8FD131446777F7D034B3171EFE07B3267479B439E4982650DB65A0D1DDC9F516315D5ED1B01ECFD2F7EB55D75D44AA51EE0AD494D441586D2
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              URL:https://www.googletagmanager.com/static/service_worker/4al0/sw_iframe.html?origin=https%3A%2F%2Fshieldapps.com
                                                                                                                                                                              Preview:<!DOCTYPE html>.<html>.<head>. <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon">.</head>.<body>. <script>.'use strict';class m{constructor(a){this.j=a;this.g={};this.h={};this.i=0;this.id=String(Math.floor(Number.MAX_SAFE_INTEGER*Math.random()))}}function n(a){return a.performance&&a.performance.now()||Date.now()}.var p=function(a,b){class d{constructor(c,g,f){this.failureType=c;this.data=g;this.g=f;this.h=new m(n(f))}s(c,g){const f=c.clientId;if(c.type===0){c.isDead=!0;var e=this.h,h=n(this.g);e.g[f]==null&&(e.g[f]=0,e.h[f]=h,e.i++);e.g[f]++;c.stats={targetId:e.id,clientCount:e.i,totalLifeMs:Math.round(h-e.j),heartbeatCount:e.g[f],clientLifeMs:Math.round(h-e.h[f])}}c.failure={failureType:this.failureType,data:this.data};g(c)}}return new d(5,a,b)};/*.. Copyright Google LLC. SPDX-License-Identifier: Apache-2.0.*/.let q=globalThis.trustedTypes,r;function t(){let a=null;if(!q)return a;try{const b=d=>d;a=q.createPolicy("goog#html",{createHTML:b,createScript:b,crea

                                                                                                                                                                              Chrome Cache Entry: 371

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              File Type:ASCII text, with very long lines (2343)
                                                                                                                                                                              Category:downloaded
                                                                                                                                                                              Size (bytes):52916
                                                                                                                                                                              Entropy (8bit):5.51283890397623
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:768:oHzaMKHBCwsZtisP5XqYofL+qviHOlTjdNoVJDe6VyKaqgYUD0ZTTE8yVfZsk:caMKH125hYiM8O9dNoVJ3N48yVL
                                                                                                                                                                              MD5:575B5480531DA4D14E7453E2016FE0BC
                                                                                                                                                                              SHA1:E5C5F3134FE29E60B591C87EA85951F0AEA36EE1
                                                                                                                                                                              SHA-256:DE36E50194320A7D3EF1ACE9BD34A875A8BD458B253C061979DD628E9BF49AFD
                                                                                                                                                                              SHA-512:174E48F4FB2A7E7A0BE1E16564F9ED2D0BBCC8B4AF18CB89AD49CF42B1C3894C8F8E29CE673BC5D9BC8552F88D1D47294EE0E216402566A3F446F04ACA24857A
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              URL:https://www.google-analytics.com/analytics.js
                                                                                                                                                                              Preview:(function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var n=this||self,p=function(a,b){a=a.split(".");var c=n;a[0]in c||"undefined"==typeof c.execScript||c.execScript("var "+a[0]);for(var d;a.length&&(d=a.shift());)a.length||void 0===b?c=c[d]&&c[d]!==Object.prototype[d]?c[d]:c[d]={}:c[d]=b};function q(){for(var a=r,b={},c=0;c<a.length;++c)b[a[c]]=c;return b}function u(){var a="ABCDEFGHIJKLMNOPQRSTUVWXYZ";a+=a.toLowerCase()+"0123456789-_";return a+"."}var r,v;.function aa(a){function b(k){for(;d<a.length;){var m=a.charAt(d++),l=v[m];if(null!=l)return l;if(!/^[\s\xa0]*$/.test(m))throw Error("Unknown base64 encoding at char: "+m);}return k}r=r||u();v=v||q();for(var c="",d=0;;){var e=b(-1),f=b(0),h=b(64),g=b(64);if(64===g&&-1===e)return c;c+=String.fromCharCode(e<<2|f>>4);64!=h&&(c+=String.fromCharCode(f<<4&240|h>>2),64!=g&&(c+=String.fromCharCode(h<<6&192|g)))}};var w={},y=function(a){w.TAGGING=w.TAGGING||[];w.TAGGING[a]=!0};var ba=Array.isArray,c

                                                                                                                                                                              Chrome Cache Entry: 372

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              File Type:HTML document, ASCII text, with no line terminators
                                                                                                                                                                              Category:downloaded
                                                                                                                                                                              Size (bytes):13
                                                                                                                                                                              Entropy (8bit):2.7773627950641693
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:qVZPV:qzd
                                                                                                                                                                              MD5:C83301425B2AD1D496473A5FF3D9ECCA
                                                                                                                                                                              SHA1:941EFB7368E46B27B937D34B07FC4D41DA01B002
                                                                                                                                                                              SHA-256:B633A587C652D02386C4F16F8C6F6AAB7352D97F16367C3C40576214372DD628
                                                                                                                                                                              SHA-512:83BAFE4C888008AFDD1B72C028C7F50DEE651CA9E7D8E1B332E0BF3AA1315884155A1458A304F6E5C5627E714BF5A855A8B8D7DB3F4EB2BB2789FE2F8F6A1D83
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              URL:https://td.doubleclick.net/td/ga/rul?tid=G-V0DL3XBK82&gacid=1954789622.1730307161&gtm=45Pe4as0v896163840za200zb813187311&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101533421~101823848~101878899~101878944~101925629&z=325251096
                                                                                                                                                                              Preview:<html></html>

                                                                                                                                                                              Chrome Cache Entry: 373

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              File Type:Web Open Font Format (Version 2), TrueType, length 18588, version 1.0
                                                                                                                                                                              Category:downloaded
                                                                                                                                                                              Size (bytes):18588
                                                                                                                                                                              Entropy (8bit):7.988601596032928
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:384:WF9srt3EJfKy7iOpqErJeqQhzsaZqPTPabcoqYdBTKYPvS9BlTf:Wn6UhKYieqAiPQTwclYQLlTf
                                                                                                                                                                              MD5:115C2D84727B41DA5E9B4394887A8C40
                                                                                                                                                                              SHA1:44F495A7F32620E51ACCA2E78F7E0615CB305781
                                                                                                                                                                              SHA-256:AE0E442895406E9922237108496C2CD60F4947649A826463E2DA9860B5C25DD6
                                                                                                                                                                              SHA-512:00402945111722B041F317B082B7103BCC470C2112D86847EAC44674053FC0642C5DF72015DCB57C65C4FFABB7B03ECE7E5F889190F09A45CEF1F3E35F830F45
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              URL:https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
                                                                                                                                                                              Preview:wOF2......H........ ..H8................................|.`..J.\..<........-..Z...x.6.$..0. .... ..S.7.5..K!.;..../.`..Sn.J.e.52P.(.....=9....f.....$...*.fZ.p...N...t....6.lfS.Ju.i.o.g..<....T"O.o..4..4....M/N.>.K..."[.P...W.u.>]................A.9z....IN^....z..Y.{....m=...+X9<?.......(IA*G8rD....52L0.p .EJ..p....=.......[U...pz..g...../L.U.......P..W.U..q$L..6......C.M.0..R..........D(.ilX.Y..SZ.R...Q..j.6.@\."|.l......3....,.T.....L...ap0......6.j.\&O.z`*.$.*_+vwnr...,....?W.T....!.J...L#%.......A}........\.....l...:....U..u.J.0....O......&.!.)4.V..:.}.0f....:W......?U.....%...b...!....yA.sw.....5..T .}{.t!F.G....{"..pQ.S.v.S....t......U.Y|.v.@....|..(..V.........^....../.7......K......J.Uq/L.T-.`.O........;........';vWq.+....J...J..p.....sB`(1LC.k....?Z{...v>dS....F..........\.....UetU........6.V...vE....._.../...%.q...^.l...>^.z..l..p....j..@H...`X.p...KQ. .<@...I...BF.......L..6...y.2=.P....8;..@`.m.....R.B.L.r.*T.T..l@.6.Y....}g.....F.n...

                                                                                                                                                                              Chrome Cache Entry: 374

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              File Type:ASCII text, with very long lines (32065)
                                                                                                                                                                              Category:downloaded
                                                                                                                                                                              Size (bytes):85578
                                                                                                                                                                              Entropy (8bit):5.366055229017455
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2
                                                                                                                                                                              MD5:2F6B11A7E914718E0290410E85366FE9
                                                                                                                                                                              SHA1:69BB69E25CA7D5EF0935317584E6153F3FD9A88C
                                                                                                                                                                              SHA-256:05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
                                                                                                                                                                              SHA-512:0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              URL:https://code.jquery.com/jquery-2.2.4.min.js?ver=2.2.4
                                                                                                                                                                              Preview:/*! jQuery v2.2.4 | (c) jQuery Foundation | jquery.org/license */.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

                                                                                                                                                                              Chrome Cache Entry: 375

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              File Type:PNG image data, 642 x 636, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                              Category:downloaded
                                                                                                                                                                              Size (bytes):174988
                                                                                                                                                                              Entropy (8bit):7.99021922717192
                                                                                                                                                                              Encrypted:true
                                                                                                                                                                              SSDEEP:3072:nSjA0wAiB7nnip4ywUAR4/NOFEO+f/18ES+bKFiEK2tlBTWlOW9GrV5rVQ8NUS/g:ncijB7nniDAmmEltHbv21WR90JmgE3
                                                                                                                                                                              MD5:C8BF6BFD1C31AC14C9DEBC413EB9E270
                                                                                                                                                                              SHA1:51327BF6C9E6E716DB3604CFD588CCA5331C60C9
                                                                                                                                                                              SHA-256:B2400793E84CEB5C0BDBBB3A22E284A9D29C58CD80C16EB05EC0BF443AC80165
                                                                                                                                                                              SHA-512:3B6271F8A7480BDAE350E94EC415AAF9AF34F8E2A30A113AAE19EEA637BA9C11DEB03999979A26510A30B0506A4C6F0838C23A19AA0AF905C7163B1CA41C2D29
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              URL:https://shieldapps.com/wp-content/uploads/2020/03/box-vpn1.png
                                                                                                                                                                              Preview:.PNG........IHDR.......|.....jh.|....pHYs...#...#.x.?v...OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+...*..x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D..*.A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

                                                                                                                                                                              Chrome Cache Entry: 376

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                              Category:downloaded
                                                                                                                                                                              Size (bytes):1712
                                                                                                                                                                              Entropy (8bit):7.697126806441883
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:48:27/6+D/2mDMA/cBwKw+5jLfS6B+mXwAjEd06VH7:27SMPDMAkBw6Td+Iwh
                                                                                                                                                                              MD5:3817A42E16BAAA8576A25441CE0B34F5
                                                                                                                                                                              SHA1:30F747F0DEC4FA8BAD501E8659B01C023CA68114
                                                                                                                                                                              SHA-256:48D9EBAB779733DA6C1BA810E109FD3D243BDBB27D2029337B6F4020DB4436DF
                                                                                                                                                                              SHA-512:7F3DE595B8094B05CCA4B5BD816DEDC59C96E52BDFCD86120BECA17FD1CF6F271F8DAC60970EA10EA6C202E0450201A99432AC9EF4D83771C3D346BC5C3092A1
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              URL:https://shieldapps.com//favicon.png
                                                                                                                                                                              Preview:.PNG........IHDR... ... .....szz.....pHYs.................tIME........k......tEXtAuthor....H....tEXtDescription...!#....tEXtCopyright....:....tEXtCreation time.5.......tEXtSoftware.]p.:....tEXtDisclaimer.........tEXtWarning........tEXtSource.........tEXtComment........tEXtTitle....'...{IDATX..W[lTU.]..;3.i...E.............cMC..M?|..$..1.I.....B$...<B......"mi....>(.GKK...l?`..t....+.........{.;C....yhE.p.W..K.5l..q.]..M.s/\..g......4.Vk.6.....6'R.P..F.............'./.T......B......%dX.f...../..>.~j.%.i.A..SJ...I.C...sv}....n..:......-..f..L.&).h.....N../..3..*.."D....@..*.'........T.. g..)..$-.$-.3X..U.. ..4...;..V..].....4.&.a$3..0..,DgM.?/on>.W...7^..d.0.......4I....d0.......z.-+..Qm.m5....+.FMsB....mm.C..M..(...A...2.>=.E^[x...".p..q.g~K.u._.\__]....h/.-............;..g......E<.....K.>yi...$!....#......2..$...{.....D!....A..b.c........*+k..%"...V...R.mD`..............tn..........f.fNw...nW3......J.F.x.b./...\.~.BL...B..}...._fO..',..{.....G

                                                                                                                                                                              Chrome Cache Entry: 377

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              File Type:ASCII text, with very long lines (3698)
                                                                                                                                                                              Category:downloaded
                                                                                                                                                                              Size (bytes):261394
                                                                                                                                                                              Entropy (8bit):5.558896300693399
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3072:R5wiztGbETratoZy0V5CptDY8/I8+yr/OUYhcDmKD0C8Gp/rG:fGbg+toHM/GUTx0C8Gp/q
                                                                                                                                                                              MD5:223FF1C9F8037055F4C5D30DF366BE01
                                                                                                                                                                              SHA1:3B499E69F41F403507756679CCE90892E4F428C0
                                                                                                                                                                              SHA-256:DD71681DF950C84C4C805EBFA4D3003C89BCEE6D14AF053A398E2D27025D3FB0
                                                                                                                                                                              SHA-512:94390E05B2380E53208D35ABD418C21E2178B6D20FC8AF5D6279581E717F1C5387D8338850D85C5AC3F73F49F5C279C77068345525AA865D0586218ED1BF1F17
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              URL:https://www.googletagmanager.com/gtm.js?id=GTM-M9Q7LGW
                                                                                                                                                                              Preview:.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"3",. . "macros":[{"function":"__e"},{"function":"__u","vtp_component":"PATH","vtp_enableMultiQueryKeys":false,"vtp_enableIgnoreEmptyQueryParam":false},{"function":"__awec","vtp_mode":"AUTO","vtp_enableElementBlocking":false},{"function":"__u","vtp_enableMultiQueryKeys":false,"vtp_enableIgnoreEmptyQueryParam":false},{"function":"__awec","vtp_mode":"AUTO","vtp_enableElementBlocking":false},{"function":"__awec","vtp_mode":"AUTO","vtp_enableElementBlocking":false},{"function":"__u","vtp_component":"URL","vtp_enableMultiQueryKeys":false,"vtp_enableIgnoreEmptyQueryParam":false},{"function":"__u","vtp_component":"HOST","vtp_enableMultiQueryKeys":false,"vtp_enableIgnoreEmptyQueryParam":false},{"function":"__f","vtp_component":"URL"},{"function":"__e"}],. "tags":[{"function":"__gclidw","metadata":["map"],"once_per_event":true,"vtp_enableCrossDomain":false,"vtp_enableCookieOverrides":fa

                                                                                                                                                                              Chrome Cache Entry: 378

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              File Type:PNG image data, 642 x 636, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                              Category:downloaded
                                                                                                                                                                              Size (bytes):233034
                                                                                                                                                                              Entropy (8bit):7.993115625911313
                                                                                                                                                                              Encrypted:true
                                                                                                                                                                              SSDEEP:3072:STxFPaKcgKW3UIDUkuzaCft3Ih/GKj1VYCoZXt1oaMP7rRxLcTNQ+yyG8x57NoAL:S3PaKfKnY+zaZGhCoBeP7myauEUeJF
                                                                                                                                                                              MD5:0B45CAE7DADF82788B8CBD660A57D774
                                                                                                                                                                              SHA1:4DC114500CE76FC536C45D666535F82D18739938
                                                                                                                                                                              SHA-256:6B014C49FA216C5E69038FC39F32593F95E9D9276C5E6DC755F1995BAAA8A35D
                                                                                                                                                                              SHA-512:882DCE8CD2EE3D28A69AEDC4DE815A449F0979BCC902C3F3B8B93EA9B03D7B3BBD033348C6225D689EF6497DBB16DB12DB69B5A6054485B6E5A4053974F25474
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              URL:https://shieldapps.com/wp-content/uploads/2016/03/box-ransomware-defender1.png
                                                                                                                                                                              Preview:.PNG........IHDR.......|.....jh.|....pHYs...#...#.x.?v...OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+...*..x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D..*.A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

                                                                                                                                                                              Chrome Cache Entry: 379

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              File Type:TrueType Font data, 11 tables, 1st "OS/2", 14 names, Macintosh, type 1 string, icomoon
                                                                                                                                                                              Category:downloaded
                                                                                                                                                                              Size (bytes):3316
                                                                                                                                                                              Entropy (8bit):5.976612115514861
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:96:zS9Snb4g9Dpl1iwhx4sAcGx+6rSq+IlPV2DG:QSnb4GlwwDAz+6rSqnlPV2K
                                                                                                                                                                              MD5:35854DBE57E980D943B8AE6B2D082A16
                                                                                                                                                                              SHA1:C03938B7D3C39DB8CD57338BFE8953576881130D
                                                                                                                                                                              SHA-256:55068CE9FF2B40876A87582825102DA72E64F571595B3A601B82F7E3ED010DF5
                                                                                                                                                                              SHA-512:E0C0A5FBD45E052A9D2641145E6074530D06C0745695D33E25A99F416402D54FF8D1A7D26A64E8FE6914E5E073451C96BBD1DE493EB904BA825E39B33B89812A
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              URL:https://shieldapps.com/wp-content/themes/shield-apps2/css/icomoon/icomoon.ttf?dzxhyb
                                                                                                                                                                              Preview:...........0OS/2...........`cmap.V........Tgasp.......p....glyf(......x....head..[G...T...6hhea...........$hmtxD..........Ploca.T.H.......*maxp...O...,... name.J.....L....post........... ...........................3...................................@.........@...@............... .................................8............. ........... ................................................79..................79..................79.......f...............#"...3.4&#.#"...3.4&.#"...3.4&.ff.......f......f...........f.........3....................@...@...'.3..."..10..32>.10..."..54>.32.......4632....#"&..j..PP..jj..PP..j5]F((F]55]F((F].K55KK55K.@v.vz.zz.zv.v..(F]55]F((F]55]F(..5KK55KK......%.....n...H.........+."'&5.&547632..........#"'&'&'&#"..#"'&5.4767632....3276767632....%...%...$.......I...{X"$$..((*m........!.i=65H...$$.........%*..,.........*......%.L....B......S..........E..!.....................................35#.35#.35#..!5.!5!.!5!..........@...@...@...@......................U.*.+..

                                                                                                                                                                              Chrome Cache Entry: 380

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              File Type:PNG image data, 1300 x 4, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                              Category:downloaded
                                                                                                                                                                              Size (bytes):6420
                                                                                                                                                                              Entropy (8bit):7.956161172260546
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:96:PZ/I09Da01l+gmkyTt6Hk8nTaT7wjxUqjTSZaE24mCSyeN2hZs4HVXUgt0:PS0tKg9E05TGWxbjmwFL2FH6q0
                                                                                                                                                                              MD5:B9D0CFA92F8DD1BB5A8936A8DA5EEEE8
                                                                                                                                                                              SHA1:6DE68AEAFD0F32AEC26CABD672F3BA4BAFA9B74C
                                                                                                                                                                              SHA-256:A42785CF96B7A12722EEAF3AEF85F608A3B60DC3D975F6325B8605B49AAF511D
                                                                                                                                                                              SHA-512:E0F396BADAC6EF5268AA622D5CF8142071C4F53F48A085BCC59E48EE62F1199BBB8AB801897D1B41FC02ADA1B11A17E90F1013505B07F2DD00C7C355FCADDE02
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              URL:https://shieldapps.com/wp-content/uploads/2019/08/color-line.png
                                                                                                                                                                              Preview:.PNG........IHDR.....................pHYs...#...#.x.?v...OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+...*..x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D..*.A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

                                                                                                                                                                              Chrome Cache Entry: 381

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              File Type:PNG image data, 642 x 636, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                              Category:downloaded
                                                                                                                                                                              Size (bytes):189682
                                                                                                                                                                              Entropy (8bit):7.991377949836972
                                                                                                                                                                              Encrypted:true
                                                                                                                                                                              SSDEEP:3072:qFxDsAcPluFsrEb7TmNnOpJROXMQtn46fOzOAmH7e6rgiYLKzJ3Aq:o0ceEbCnOpJ080nvvyqJ3Aq
                                                                                                                                                                              MD5:03E778F4DAB065353F60FC85390C5A04
                                                                                                                                                                              SHA1:377FF73C744921F9F504296618EC97B8429EA38E
                                                                                                                                                                              SHA-256:CAB18AABCDE0141463BCA5ECDAC18F9EC8F86717E7425F2A521389EE9FABFAF4
                                                                                                                                                                              SHA-512:F21A4F19723E14AFE15F64BC2C692E1FD634C2AC66FF00FEC84F790C0E6EB657D7E71CFF27409AF7DBB98958A41397C64B8A6764B66FB735062DF60904129EFE
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              URL:https://shieldapps.com/wp-content/uploads/2015/05/box-ShieldApps_Webcam_Blocker1.png
                                                                                                                                                                              Preview:.PNG........IHDR.......|.....jh.|....pHYs...#...#.x.?v...OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+...*..x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D..*.A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

                                                                                                                                                                              Chrome Cache Entry: 382

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              File Type:gzip compressed data, from Unix, original size modulo 2^32 103
                                                                                                                                                                              Category:downloaded
                                                                                                                                                                              Size (bytes):107
                                                                                                                                                                              Entropy (8bit):5.749755454266052
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:FttXzv+OrAMwvr4YoSDHpgHFlNB8wUL0VKLpfySyl/:XtjvxrAlvrvogpglx8hL0VYO/
                                                                                                                                                                              MD5:8868E8423AF10ACE6DA27AED75B3BD40
                                                                                                                                                                              SHA1:5B701C4DBE11EACCB0378E8E89D1E52947329251
                                                                                                                                                                              SHA-256:A230DF5AB1ADDBE898E228B7F1A8F744C93A4BECA48F8B55A8299B630C9B4BCA
                                                                                                                                                                              SHA-512:6C9AA3750636F04126B093E99C5B24870EDE8FDAAAB5964B71548CEB68F7AE7BF9E6DDFCEF56EC49A68CD50B309753FCF9EDF7105844668DF7221C675FFE348A
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              URL:https://shieldapps.com/wp-json/complianz/v1/banner?lang=en&locale=en_US&token=onhno
                                                                                                                                                                              Preview:...........VJ..+N.+).,HU.R./(./-Q.Q*JM........ye.E.......!P$-.(9.5/1)'5.$..X.*-1.8UG))1//.(....@....7Jg...

                                                                                                                                                                              Chrome Cache Entry: 383

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              File Type:ASCII text, with very long lines (57765)
                                                                                                                                                                              Category:downloaded
                                                                                                                                                                              Size (bytes):112427
                                                                                                                                                                              Entropy (8bit):4.925295015861728
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:pZeJWfZglWQg5MG7+qehN2pUkxWLZQql3Pq:pZeJwkWQg5MG7+qehN2pUk4LaU3Pq
                                                                                                                                                                              MD5:319580D7D8944A1A65F635E0D11E5DA5
                                                                                                                                                                              SHA1:E23BC18EF1B0F78F7010E3C16E4C5E1F333248BD
                                                                                                                                                                              SHA-256:FB3A89CC6347E098063BD15F285BC90411846DDCE6F17812364FEEDAB67A67F5
                                                                                                                                                                              SHA-512:743825EAEA11208277528E506C115EC786AB060095AE4250C65A9B02FE9E5CB2AC5AC386532486A2678B9615490CE75BA096A9FD2041200989AD07A726B5D9D0
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              URL:https://shieldapps.com/wp-includes/css/dist/block-library/style.min.css?ver=6.6.2
                                                                                                                                                                              Preview:@charset "UTF-8";.wp-block-archives{box-sizing:border-box}.wp-block-archives-dropdown label{display:block}.wp-block-avatar{line-height:0}.wp-block-avatar,.wp-block-avatar img{box-sizing:border-box}.wp-block-avatar.aligncenter{text-align:center}.wp-block-audio{box-sizing:border-box}.wp-block-audio :where(figcaption){margin-bottom:1em;margin-top:.5em}.wp-block-audio audio{min-width:300px;width:100%}.wp-block-button__link{box-sizing:border-box;cursor:pointer;display:inline-block;text-align:center;word-break:break-word}.wp-block-button__link.aligncenter{text-align:center}.wp-block-button__link.alignright{text-align:right}:where(.wp-block-button__link){border-radius:9999px;box-shadow:none;padding:calc(.667em + 2px) calc(1.333em + 2px);text-decoration:none}.wp-block-button[style*=text-decoration] .wp-block-button__link{text-decoration:inherit}.wp-block-buttons>.wp-block-button.has-custom-width{max-width:none}.wp-block-buttons>.wp-block-button.has-custom-width .wp-block-button__link{width:100

                                                                                                                                                                              Chrome Cache Entry: 384

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              File Type:Web Open Font Format (Version 2), TrueType, length 18596, version 1.0
                                                                                                                                                                              Category:downloaded
                                                                                                                                                                              Size (bytes):18596
                                                                                                                                                                              Entropy (8bit):7.988788312296589
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:384:h5D5WUhNanar/Z19V6iGCYIqoPfHwfr13GPgqbrxremyFKKWB:h/NaOrBGCYIBPfQD1xqPhl
                                                                                                                                                                              MD5:C83E4437A53D7F849F9D32DF3D6B68F3
                                                                                                                                                                              SHA1:FABEA5AD92ED3E2431659B02E7624DF30D0C6BBC
                                                                                                                                                                              SHA-256:D9BADA3A44BB2FFA66DEC5CC781CAFC9EF17ED876CD9B0C5F7EF18228B63CEBB
                                                                                                                                                                              SHA-512:C2CA1630F7229DD2DEC37E0722F769DD94FD115EEFA8EEBA40F9BB09E4FDAB7CC7D15F3DEEA23F50911FEAE22BAE96341A5BACA20B59C7982CAF7A91A51E152F
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              URL:https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
                                                                                                                                                                              Preview:wOF2......H...........H=................................|.`..J.H..<........>..Z...x.6.$..0. ..~. ..)...%.m..t.D<...U.c....D....@........@e..a..R./<...p..q..q....S<.nm...X..(ER....e.....O.?Q_..FYH......ml.E..?;X0>.f.Y.,.n.a...._h8c.006U.cS..3.m.Or..I9..5.;.=..'!..c.O...W.K..f....k..&Xq..Y?.r...%.S..y.:q*.......u*D.d.R..'..Q,L.... e`..=?.{...e%{.....3+$.....NkF2...... ._}..2]....,.F.u.S4O.~w).G..../]}6.nVwKj.h@........5.7P....i..r........U?.........q..Cm......g...\.zu.....P..|....5G$...4k$..L..g..".y..?..6...O...e..@..0TYh..v........M.....#B...O.i.G$.Bq..m.A.s~...A...c.....25K.....B..<..w.A....G.O...A......A,y"q....q<....N..{Ta..!.|vzo.;9.5>.>....7I.i.Ld.4..y...].g.....'m_(...O-..}.K.(....R..2.q.z9.D..]..$.#$.:x..:{..m.OF...K[J. ......lpH.#%V....4.;l.<..J.6.T..a...I..|..zj.k.-...y...#..e.1,s....<.HX.....z{L....'.$. "..tY..m.<.\8P. a.......x.W\.b.%...RA.\.... M.......v1......#...............`.c..%.Nc.d.qP.68....$<.O.S_7...U.].jn>@.3.c..wO..>.>a.qg....\..kb.

                                                                                                                                                                              Chrome Cache Entry: 385

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              File Type:Web Open Font Format (Version 2), TrueType, length 33804, version 1.0
                                                                                                                                                                              Category:downloaded
                                                                                                                                                                              Size (bytes):33804
                                                                                                                                                                              Entropy (8bit):7.993813164508103
                                                                                                                                                                              Encrypted:true
                                                                                                                                                                              SSDEEP:768:Rr1wGXQjui63Kbhfj+uoyjZt45ojY6BdOmzwXsLoetPvt:F6GgjK3Kbdquo63Mo06rzEsLvBvt
                                                                                                                                                                              MD5:E08B67CD99F558C6213B240EFBE522DA
                                                                                                                                                                              SHA1:61F3F067DED53DB9BEF888A54E169C8E77897C7C
                                                                                                                                                                              SHA-256:710837BBD0F471356C5EA8FA53770A38AD6E4CCB135168C90FDBC0F33AEF0AD3
                                                                                                                                                                              SHA-512:C0F5E3AD05ECFBDD7A4942E58E7B8B583EF8340B18A79DCB703958D84F298DAF85304229F5109033BE4A7018283308431F9C6A6ACD6CA26835F725884E1B18B3
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              URL:https://fonts.gstatic.com/s/bitter/v36/rax8HiqOu8IVPmn7f4xp.woff2
                                                                                                                                                                              Preview:wOF2..............+...............................-...J..0?HVAR..?MVARD.`?STAT.8'2..H/l.....X.._..~.0..r.6.$..v. ..V.....['.q......*....\..m....d }.......< ...........k`n.g.j.?.I...Gw...3.[.6v..8f!..Q...=..@.*P.4.9.......41L..J^..;tL/...T.N..E..rt..;.h....t..$..>.@...e_o..v.>t.t....o. ..._J.y...z..7......m...$<.....z...c...../.P^._.;..g}.Zq%.......w.K.$..1.... ...AJ!..J.QF..E....c.ul....u*.!..%iC?e...P[i..2..h,.g.N....lv7.`.6B...S.........B...T]...s.G........$XBB....q..BB....B.v...v.N.....:..u.....s..Y_/.F.{;.s...`.. ...8...g..U.6.vo{..'*OR...)y...'..&......{.g.V..)I.k...X..b.$..CEk`.0...........6.t..y....8..D...dR..cq.*X.w.;..{3v.vWN..D..X.)..SZ..H......0<m...5.a."...3...T..J..i..M]..j.._.r...p..e1gbg.3....+L.0.y.j.O........{.)]'5......T...1^....r.d...%.l6...H:..'.s6 .>..I_...8........e.q)......"...+...T\..9%.7....).=]"8....2.4.|SK:_?.X.{e..j...;...t.\ai.;.<...%M.....ie.R.KX..xJ.....4..... (0..S?....d.Z...Q.+..}o.............Z.!R...........

                                                                                                                                                                              Chrome Cache Entry: 386

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              File Type:Web Open Font Format (Version 2), TrueType, length 18492, version 1.0
                                                                                                                                                                              Category:downloaded
                                                                                                                                                                              Size (bytes):18492
                                                                                                                                                                              Entropy (8bit):7.988005025098439
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:384:jHq3alnVfBJBuMlPGCh9NBRLS64LRb0v5waXf0BFY0/rJ8Zw4bzUQb:jHqKf5JMOPdzNPLS64laxsFY0t8XcM
                                                                                                                                                                              MD5:7FDA4C62C1BDEAE7A08E6FD438104BAC
                                                                                                                                                                              SHA1:B1F626E78F5F6D7BE993303A49EB81F0FA4CE57C
                                                                                                                                                                              SHA-256:4DBD328E347E890A801D51F9A5F8D38A3EFD51EC34C0AA22CC83D0A95D6D9D71
                                                                                                                                                                              SHA-512:C4A36A3C1FF23023533DFF103A108844B7CFE4E793ABA0B1B5576431E77DD6E9EDF29FAD68132577AD6AD55CA7A011A38723DA2FA15D9071D2C6BA4E02D1DADC
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              URL:https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
                                                                                                                                                                              Preview:wOF2......H<..........G..............................Z..|.`..J.X..<.....P..N..Z...x.6.$..0. ..|. ..:...%l.F.......T.mZ..V.n!.53.l.@..N....CD.!f......I.(;..Cw.2L..@....M....(.H*].......1..I&..tE.e....D...}y..6D.h.Z..$y.J.X._....J2 .*(.....=M..+Hd*.Y.6.f.J.z..:.........#.#...3..;.<..q./.,g.tK.Y.Ne.?......1.b.......S.".~..|Q.9.1Q.Y.^....MkF......;v..g(.(S...Z.>...l.XW.Z....-Q.h..MR8$..W(..Wh.0....X..;]3...:..\/..L...L.U...6".h?K.....A.....(2z.uRTn...GaJ......+..4..d...I.[!..Ua..x..4.,@..t....3.e..J._'..R.j.p.t...`.4.......aI,.....W..9V..K..c..... g...:.........'..6.O.0+..;Q..&..e..=..sg......Eg.2.R.M..{{w.{{'4.L.O2.L$) ;..`....PeW..O..iS..e..S.l... .....R.R.+.!.uLUE~...C.JN..J.r...@..g..:.\..;..s.n.s........sq4... ;..N.`.H<T.....p.#2.e....H..T...........1....^......L.....R...R.1.!............E..m_Z~....z..L..j....".q~..Pg!X}1.q.!.n......@.d...._5=..*x.......[.y.#$Q.d.........j...1n.....&...-(N..P\5<.f.qB..|.i...q<.'..C.A...\.i.x.9........1.>....

                                                                                                                                                                              Chrome Cache Entry: 387

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              File Type:Unicode text, UTF-8 text
                                                                                                                                                                              Category:downloaded
                                                                                                                                                                              Size (bytes):134459
                                                                                                                                                                              Entropy (8bit):4.977304173808756
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:9HfHw3zHKHuUN3nWM8CspbhhtrBqfxyaTtrBeoZ2D/feGr6Fy82v:Nw3LKHJNX3UhYQaSQbGr6Fy82v
                                                                                                                                                                              MD5:2E056189403D1A563F30FFF8258F1169
                                                                                                                                                                              SHA1:A8E4CD9F826C54D58453A1DDA5EA929FF0E0F07B
                                                                                                                                                                              SHA-256:EC67CB694178171E1DBE4704A7F3B680069C23A8E24443F2EB87EFF72C43E7B7
                                                                                                                                                                              SHA-512:8F317550A0F2BDFE9258A6E57A3BD6E611C9AF3851EE5F8A4F4C884A278F358BAC450CA87E7828EBC1EC62442C3676C4982D1775FD5784E8795072D1F7BA7BCF
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              URL:https://shieldapps.com/wp-content/themes/shield-apps2/style.css?ver=1.0.1
                                                                                                                                                                              Preview:/*.Theme Name: ShieldApps.Theme URI: http://underscores.me/.Author: PopArt Studio.Author URI: http://www.popwebdesign.net/.Description: A custom WordPress theme made from Underscores framework..Version: 1.0.0.License: GNU General Public License v2 or later.License URI: http://www.gnu.org/licenses/gpl-2.0.html.Text Domain: shield-apps.Tags:..This theme, like WordPress, is licensed under the GPL..Use it to make something cool, have fun, and share what you've learned with others...ShieldApps is based on Underscores http://underscores.me/, (C) 2012-2015 Automattic, Inc..Underscores is distributed under the terms of the GNU GPL v2 or later...Normalizing styles have been helped along thanks to the fine work of.Nicolas Gallagher and Jonathan Neal http://necolas.github.com/normalize.css/.*/../*--------------------------------------------------------------.>>> TABLE OF CONTENTS:.----------------------------------------------------------------.# Normalize.# Typography.# Elements.# Forms.# Naviga

                                                                                                                                                                              Chrome Cache Entry: 388

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x217, components 3
                                                                                                                                                                              Category:downloaded
                                                                                                                                                                              Size (bytes):40245
                                                                                                                                                                              Entropy (8bit):7.919317445809249
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:768:nJ45UqVzt2NOhDiVj0t2JoDN5abh6m1DPQL8ElDLunEDtyFqnl:nJ45UqNkNOsit2JorGsqQLrRLgql
                                                                                                                                                                              MD5:19F1C3A0E4522C48BF629B0BBD60B7A4
                                                                                                                                                                              SHA1:B71512767E6CE21B47D8DD7FB4FC5A9A704EE274
                                                                                                                                                                              SHA-256:28A17625003C3E7863A1608FDDD0AC9F9D430D99E5878A77CB6DA6916BB7A8FF
                                                                                                                                                                              SHA-512:A0C4E3FD46668CC6E434088A207C8421A460FB413E0C90D6AE7E22AFA75411376B950D5185E0D75F28A03BEE5E18FDE02782A2D691F07A792CF178086F06BEE4
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              URL:https://shieldapps.com/wp-content/themes/shield-apps2/images/about-bkg.jpg
                                                                                                                                                                              Preview:......Exif..II*.................Ducky.......P.....+http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:E3DFCB3EEB6711E5927081C5EB39C277" xmpMM:DocumentID="xmp.did:E3DFCB3FEB6711E5927081C5EB39C277"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:E3DFCB3CEB6711E5927081C5EB39C277" stRef:documentID="xmp.did:E3DFCB3DEB6711E5927081C5EB39C277"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.................................................................................................................................

                                                                                                                                                                              Chrome Cache Entry: 389

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              File Type:PNG image data, 225 x 56, 8-bit/color RGB, non-interlaced
                                                                                                                                                                              Category:downloaded
                                                                                                                                                                              Size (bytes):12488
                                                                                                                                                                              Entropy (8bit):7.943410854936583
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:384:MBrJGExI4jtmZ5hnulsJ4nsknAHW5jMBoCq21:AYAt+hnuG4nTA5ov21
                                                                                                                                                                              MD5:3278C2F9DB267156916735C9A45EC3C6
                                                                                                                                                                              SHA1:113D9A5C3AF4AD2487D240FB9D727F305567E217
                                                                                                                                                                              SHA-256:ECE326485C2EFF6A422D8BC2670103804EAD7A8C2E83459CB468865CFFA7A47B
                                                                                                                                                                              SHA-512:A02FBEA6A32D154340BC3EA25E52A43D7E27F1BB8CEE840AEE00E5481AFF1707404EEE8BE2C38974ABBA58DA844A49E743543BE1AA3F29A2E9999C11DDC9BFD5
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              URL:https://shieldapps.com/wp-content/themes/shield-apps2/images/shield-apps-logo.png
                                                                                                                                                                              Preview:.PNG........IHDR.......8.............pHYs...#...#.x.?v....tIME......1..}.....tEXtAuthor....H....tEXtDescription...!#....tEXtCopyright....:....tEXtCreation time.5.......tEXtSoftware.]p.:....tEXtDisclaimer.........tEXtWarning........tEXtSource.........tEXtComment........tEXtTitle....'.. .IDATx..]wT....g..-t.R.....B.E.`...k.1...yv.....XP.D.v...b.(U@....M9..........z...5.3g.{......B../.......|.'..F..?...u{S.>..%._.T%S.C.-]?...4h..b./^...W%=.R...HJ.$.~S..&.........O....Y.F.K.?.o.`....0..#...`YUF.:#CnlL.h...$j.../R..|.|.F1...L.]u.sNEc\..F.U....R:5...u...^p..K.BG..g._.?.:i4..;yS}?.-(.8\{..s.N,&i.b.........e..e..@.....W.=.........P..(.!#.9q.......P$x:P}.J.8ptA...)....2..g...u...].....y._.?..4...=s[}/.}+..2N...ZZ...b7...._..r9~.L}..*5U]UU..==..U..-..!D...277799933.....D"............A.f.......W.Z.R.T*.Z.V*.4M/_....A...7o....K..o...u....AFF.......\..H$.7n4...~.....j.........2........3;..s...!B.....B.. r.!.j..8..{.nQQ.3g~...wOO......9v.*).)...*.r....7.nI.......8.>F......

                                                                                                                                                                              Chrome Cache Entry: 390

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              File Type:gzip compressed data, from Unix, original size modulo 2^32 18726
                                                                                                                                                                              Category:downloaded
                                                                                                                                                                              Size (bytes):5365
                                                                                                                                                                              Entropy (8bit):7.9602164726777165
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:96:fwhzMqAM7qao2UF+27umaGgM0s4aTbMuiuVz+oqzQKgAzH:oKqAM742UF+2AvxsNvMcVoQKHzH
                                                                                                                                                                              MD5:24A94007C161DB09050B009B8F41A179
                                                                                                                                                                              SHA1:6B532587619F627E2090D26B6841343A7A0045E9
                                                                                                                                                                              SHA-256:DB5FCF0124FA6FEA5704C10FD2782F61769F950A289B6C5E5E25697BC5C3FC51
                                                                                                                                                                              SHA-512:03DEC7C095C65B6238ECBB61DB5DDDA0533CAC5668E5E1B5CCE9356C5715552E31DDE5EBAF6786D7CD8C0FEE4361CE45895BC62728825128877327CDAED27071
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              URL:https://shieldapps.com/wp-includes/js/wp-emoji-release.min.js?ver=6.6.2
                                                                                                                                                                              Preview:...........Ris.H.....L....q..i......vw....d.F.*.....8,.E........A[..c.*.e..7..I..eV.x.CO...).3(."....?....e[Q.....y..~...5\..3.*+...._H.[]%.-h...n.jm....2.h..s.....v.4.z<.R&.....*..........k...-........7.X...L3...A..7...4.!....DqS._.j..*..J...Y.7.2.%.lP.%I.u.%..9.j..htf:.1f....U..^`T.U...<.}..........G.6L?.\.....g..4.r.E.4K.uUV.d..%.C.........yN(.]f9.ot|&yc.8.)?D.l.3....m...o.....b...-%y.....]n...X..l~.\I..0...u...vE!..ZK..&7i.LH.+3M......R..S...{Y...*...4K.F...N...H^/.|..^./XEf3..h..5..GF3.#.zuE.g*?...-.FL....e0..$./..U9....s..O..[Y.....kBGq9p.$..........S.jY.._.......7fe`...=.Q3.+...X.Y..R.h......,.....ud..Bk...b.T.F..6I.Z9...r"....`b.$. S..#. .)D.G.b.[..1v...Xh.0......+.MM.j.......R.Z...gy....A7...~..%....S...|).....<.w..v."..8b8V.V.a..H.oW.....W7....|j6b...H.Y%..Lf.....Cp...YR...b.J..".9..L...U..^ef.yb..Y&.=5k.......r..I.........T.T.[/...{?]...V)T..J.Nfa..^.T.6................0]y....I!C.%d...b).tjL....f.X.h..MR.f+.

                                                                                                                                                                              Chrome Cache Entry: 391

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              File Type:PNG image data, 642 x 636, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                              Category:downloaded
                                                                                                                                                                              Size (bytes):201990
                                                                                                                                                                              Entropy (8bit):7.993191043586399
                                                                                                                                                                              Encrypted:true
                                                                                                                                                                              SSDEEP:6144:h4k4gAbHXqSAGRzq9V27Cp74dr2fJDfZt8VEndJEHy:hug+AGhqb2+xbZsEndJES
                                                                                                                                                                              MD5:404F6ECDFD2B8B83A3810AF27B69C11F
                                                                                                                                                                              SHA1:D5AB875F4E9EC6F2CA30ABEDF8932A495ADA949B
                                                                                                                                                                              SHA-256:CCE7DDE7F6D52CCDFE4EBC3349AA0C1F1811B1A51BEAFDFD2FABEFCB314EB5ED
                                                                                                                                                                              SHA-512:57535FAB307F9B90DBC27ABF4B6582BA3B6EA77034BB8B5C9220D46F50FB397E7867C816307FF7EF14ACFE204BF41E94A68194BA3DC1430E46E49EDD51D99A1B
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              URL:https://shieldapps.com/wp-content/uploads/2016/03/box-pc-cleaning-utility1.png
                                                                                                                                                                              Preview:.PNG........IHDR.......|.....jh.|....pHYs...#...#.x.?v...OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+...*..x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D..*.A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

                                                                                                                                                                              Chrome Cache Entry: 392

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              File Type:gzip compressed data, from Unix, original size modulo 2^32 104829
                                                                                                                                                                              Category:downloaded
                                                                                                                                                                              Size (bytes):43962
                                                                                                                                                                              Entropy (8bit):7.991042389852555
                                                                                                                                                                              Encrypted:true
                                                                                                                                                                              SSDEEP:768:RrE5KkWLRB9YwoDoXH5zE7kMIsd/Aj/kVBfwK1CbvUeuI6Mk4I+oOKQJtR:RrEIkM9ocXHZgz/AbY1gvz66hoXQJn
                                                                                                                                                                              MD5:5281193200C9CFF2675D01FA608D7ACC
                                                                                                                                                                              SHA1:7AF332902D30C5BB95E38D733E8DE073669D89C9
                                                                                                                                                                              SHA-256:CF7CD2E214C0A771D26D3D4C97D62CCCFB288EA1AD5F0BCFA712334925527FF3
                                                                                                                                                                              SHA-512:4048D643847EAB6B88CF8181594BB0762322A9A6D4ECD51746DDDE66C4696B15CE6715404B8798AD555C4C71BEE28FCB853DC3180E520CC932404FD91ECABA33
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              URL:https://shieldapps.com/wp-content/themes/shield-apps2/js/TweenMax.min.js?ver=6.6.2
                                                                                                                                                                              Preview:..............6.%..F.w....".1.r..-..)W.3.g.s*.g.[.(..).`..2eQ..]..D)...}/b.N...?.=........G..o.|.......8..!.......Lzo.....?..?..}.....?..........5.4*...j[....d.......Z...z+...I......u....>....$....M....o..;.~..w..wy....>.RfwZ...|.?......{.!.BI..T..S.....).)n..w..k...^...#...B{...w....^>..4..;....F...z.k.....=.<....9...wk,......4............#hC}[.V..k.q.p...np..7...........m.F.QW....(=../..^.s....O/E..............B.......|..2......P....u..y>..&.).*.J........_K(..^..|AHT.f..J...!(.Ec.Hm.tk.{.a./.. U...Rl.=.Z....u#FO....4.R....'...u....5.F9..$.j.,N..ID...a8.-....'.T.....D..<..C..Qw...>.es..b...L...g..p.I..Uu...r......Lh.?...j..B+...M.H%..h.S.D....<7T1..s.9.Vi...Z.=.}...p........DG;.2..q4.C..4G.J.t...'....=e.1...U4?.X}.;A...5..Gus.d..T!.7|...~.../......'$D4..4.......\d......."..n .....g.g..#./..D.f%...3h.........b..L`.GOCU..P..A..X....?.w..\H.O.Ax..^K.^oL..:.....1..7..:.j"..m.(z5oT.3G$!.J....jGN...Y.$b..RX.YUI.1 .Q.T._.$DP.

                                                                                                                                                                              Chrome Cache Entry: 393

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              File Type:PNG image data, 642 x 603, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                              Category:downloaded
                                                                                                                                                                              Size (bytes):189587
                                                                                                                                                                              Entropy (8bit):7.993118109283696
                                                                                                                                                                              Encrypted:true
                                                                                                                                                                              SSDEEP:3072:hHHopAzd3PCD05oy3GnqXHtIQ1BI/GmLdfkqmNtmASDXyiwWLKT+OP6OhWqK7gMj:JIsagyoSqXHiQ1BJIBkFNtpWrghc79j
                                                                                                                                                                              MD5:F6D1CEE6362678A01EF819E67FFE7541
                                                                                                                                                                              SHA1:FCD232DD8786C711D773650CFF59BB311DDAA1E5
                                                                                                                                                                              SHA-256:AD99E596FC8BBB77156F7A7E276A8C9F32C7B8014C6EBD7FA7DC7AA942DD47B3
                                                                                                                                                                              SHA-512:9DC8A5FC3486AEFFFE36B5FB5F72B6B2D24F13CCA4703E7178E4469ED9307818F56936F7C447FE9086E8FDC5F642778C3DF6FB0FCE732274E065CDD9055C6F97
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              URL:https://shieldapps.com/wp-content/uploads/2016/03/box-anti-malware1.png
                                                                                                                                                                              Preview:.PNG........IHDR.......[.....p.......pHYs...#...#.x.?v...OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+...*..x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D..*.A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

                                                                                                                                                                              Chrome Cache Entry: 394

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              File Type:PNG image data, 642 x 636, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                              Category:downloaded
                                                                                                                                                                              Size (bytes):186476
                                                                                                                                                                              Entropy (8bit):7.9947382359809005
                                                                                                                                                                              Encrypted:true
                                                                                                                                                                              SSDEEP:3072:G1zC1WFWiQG8NJEIw/M2KY2UZTXU9RlpcC4XSqxs5W7IFkOWyvrs5rOMbWMHjo:GwWxY2IYVS9GCkSss5W7IFkOJ47rHjo
                                                                                                                                                                              MD5:0E46447B97CCF9D56A29FE955F8DEF33
                                                                                                                                                                              SHA1:13D02FADFE3848F85441747BAAE9365FCFBCD1F0
                                                                                                                                                                              SHA-256:F60AC7265104F804D45C3AA1F189292D9C99EFDC64D5B0A0FAF3528A795FC839
                                                                                                                                                                              SHA-512:8D0C9BFB3E4C7041FAE96A2C5011998B5BF7044E31F7426832F29791FEB492538A251DB59AF432AFA2EA706751BA944F797D7EF61103882A8349756C3B9453F3
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              URL:https://shieldapps.com/wp-content/uploads/2015/04/box-pc-privacy-shield1.png
                                                                                                                                                                              Preview:.PNG........IHDR.......|.....jh.|....pHYs...#...#.x.?v...OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+...*..x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D..*.A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

                                                                                                                                                                              Chrome Cache Entry: 395

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              File Type:ASCII text, with very long lines (723)
                                                                                                                                                                              Category:downloaded
                                                                                                                                                                              Size (bytes):7076
                                                                                                                                                                              Entropy (8bit):5.52488676121649
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:bttd4a6O1T6ahNU3dJ+SrM0hjUYIW2WX8ISlY:bBJ1T9UNJ+SrM0lXV2WXXSlY
                                                                                                                                                                              MD5:88A2E0A522036C0B87E03552E56629AA
                                                                                                                                                                              SHA1:EC9D1157518E753A84DBDE1333A29B34CF776D63
                                                                                                                                                                              SHA-256:788AFB96F2DA68E8729EC35F3D5E381FAD3482D37C54C2195C7311440EE4C27E
                                                                                                                                                                              SHA-512:44B953878BD650FE2BCC8B6904620955C3E396B7DC8F41F85D021A8E0404DA41DB15C5499A03F7D4FE9129BB340AA3F6782942CF5327502FD4569BEBBB17073F
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              URL:https://www.googletagmanager.com/static/service_worker/4al0/sw.js?origin=https%3A%2F%2Fshieldapps.com
                                                                                                                                                                              Preview:'use strict';var k=function(a){function b(c){return a.next(c)}function e(c){return a.throw(c)}return new Promise(function(c,d){function f(h){h.done?c(h.value):Promise.resolve(h.value).then(b,e).then(f,d)}f(a.next())})};/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var m=this||self;var u,v;a:{for(var x=["CLOSURE_FLAGS"],B=m,C=0;C<x.length;C++)if(B=B[x[C]],B==null){v=null;break a}v=B}var G=v&&v[610401301];u=G!=null?G:!1;var H;const I=m.navigator;H=I?I.userAgentData||null:null;function J(a){return u?H?H.brands.some(({brand:b})=>b&&b.indexOf(a)!=-1):!1:!1}function K(a){var b;a:{const e=m.navigator;if(e){const c=e.userAgent;if(c){b=c;break a}}b=""}return b.indexOf(a)!=-1};function L(){return u?!!H&&H.brands.length>0:!1}function O(){return L()?J("Chromium"):(K("Chrome")||K("CriOS"))&&!(L()?0:K("Edge"))||K("Silk")};!K("Android")||O();O();!K("Safari")||O()||(L()?0:K("Coast"))||(L()?0:K("Opera"))||(L()?0:K("Edge"))||(L()?J("Microsoft Edge"):K("Edg/"))||L()&

                                                                                                                                                                              Chrome Cache Entry: 396

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              File Type:gzip compressed data, from Unix, original size modulo 2^32 40461
                                                                                                                                                                              Category:downloaded
                                                                                                                                                                              Size (bytes):13417
                                                                                                                                                                              Entropy (8bit):7.96972291034552
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:wtG4PDHZafEJwegVi5G+p9XUGPjqVtsMpZVOUL8CZ07nwsg3T:bcH3wnVi5G+fkG7qVtsMpZXLtZmLgT
                                                                                                                                                                              MD5:CB41F6AC63DC479C2940745A79C7DE6D
                                                                                                                                                                              SHA1:C6ED5F4C04FABE4681BC6D3843A2C3BE203E9527
                                                                                                                                                                              SHA-256:F8F77CE674B83ED9C3346B1155B48C3D79C80A196D3FCD729619240016FD0697
                                                                                                                                                                              SHA-512:07CADBFDE95A43D504ED7E95CF42EAD421A408AA45CB8F538EA0F1CD2C2BE448CFD1DE72931FC1109505E06AB7CF56EA602797EDD68A519A02B957A092970098
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              URL:https://shieldapps.com/wp-content/themes/shield-apps2/js/slick.min.js?ver=6.6.2
                                                                                                                                                                              Preview:............w..-.{...+W%b....yRh.\'}.....].~w....."X.........DR_...;3..t."....g....7...._...~3..?..8..I.G...#..y1.K..........`.?.%v..`..Q.....#.....?...P..B....7..........m.*..I.C...Ue3.........@.......ia:.-./^.BqW.Esi.*...V.|...%...?C...M.W.....1...4....7{...*...BFVAe``.....`s..}(A....,`8..#....gx...g..!...L...."8...}..5..%......P....n........}.ux...A...B........Z.x;AV....9.d.fR....A..Y.#........}...)...r.oA.3;=.PV.P.WZ.;..9i*....;7m~b..1"E....s.o_&....i...!..f.H..K.* ..........LK6.Y.y.|.T....%(....8........r.--....D.x..O......C.UV.9{.z6.%..~..S....A.p.....B..i....(7..30....2V->..ki.B...`+]<u...z.&.".R..c.5.=....9....k*\.....p.M..\!.B...%9....~.\..t@A..G.l.`.}..MY.C.p..%..}.e..BZ..>$./s..c.....+&..B..V......~....U.>.o...Ch...MmB5.....4...]..\B.i.t..0.. .?.'.?c...R.Y..Q.....?......o.?..#".U..> 3w..W...T...._\^.+...0...w^:.Q._.......,.~_.c..,.1i.T.U!.....w....._S...M.b....6...0.Wr.:z.x.5..5..vv.)....z6..m.>..].4..e{|.r.5 9.^...g...W.-..

                                                                                                                                                                              Chrome Cache Entry: 397

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                              Category:downloaded
                                                                                                                                                                              Size (bytes):1729
                                                                                                                                                                              Entropy (8bit):4.5965613422882186
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:24:ve0hjm0M3ZGwgbb6qSicVI2QWTF3IZcVkTFxchwQUm8B5Td:vel5wXbbsichBTmpTXbS8Td
                                                                                                                                                                              MD5:13B1B6672B8CFB0D9AE7F899F1C42875
                                                                                                                                                                              SHA1:6E9D13342A11A8CFD9E42EE243EAEAE01CDA4E25
                                                                                                                                                                              SHA-256:D917660C3D6F7AAD32EBC4B0012C6D0BB84A13E201A012E334BCCA4B9F4686C9
                                                                                                                                                                              SHA-512:58859D7505BB6C77ECD60C080982285EE89F2DBF2008F904ED9FE0ABB407937A4ABB18CDB3413AF119F973B220E1C5A0B995B9088BD1AE84E3D86AD2C6CBD465
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              URL:https://shieldapps.com/wp-content/themes/shield-apps2/css/slick.css?ver=6.6.2
                                                                                                                                                                              Preview:/* Slider */..slick-slider.{. position: relative;.. display: block;. box-sizing: border-box;.. -webkit-user-select: none;. -moz-user-select: none;. -ms-user-select: none;. user-select: none;.. -webkit-touch-callout: none;. -khtml-user-select: none;. -ms-touch-action: pan-y;. touch-action: pan-y;. -webkit-tap-highlight-color: transparent;.}...slick-list.{. position: relative;.. display: block;. overflow: hidden;.. margin: 0;. padding: 0;.}..slick-list:focus.{. outline: none;.}..slick-list.dragging.{. cursor: pointer;. cursor: hand;.}...slick-slider .slick-track,..slick-slider .slick-list.{. -webkit-transform: translate3d(0, 0, 0);. -moz-transform: translate3d(0, 0, 0);. -ms-transform: translate3d(0, 0, 0);. -o-transform: translate3d(0, 0, 0);. transform: translate3d(0, 0, 0);.}...slick-track.{. position: relative;. top: 0;. left: 0;.. display: block;.}..slick-tra

                                                                                                                                                                              Chrome Cache Entry: 398

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              File Type:PNG image data, 642 x 636, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                              Category:downloaded
                                                                                                                                                                              Size (bytes):204709
                                                                                                                                                                              Entropy (8bit):7.991385517238867
                                                                                                                                                                              Encrypted:true
                                                                                                                                                                              SSDEEP:3072:qAv0nBnfhs+69RULKySB+GUK49T1PjK3XPzZ5raiaBs8y4CcOzGnORb+8w/6VDxU:qoIHXuySFoDPO3XPzvaX5CvSn2bSaDd0
                                                                                                                                                                              MD5:DBA4A76C69C796D0A01C5243F0635F93
                                                                                                                                                                              SHA1:0AA1DF3538049D0C9062D126CEC7D3C8E1B22EC7
                                                                                                                                                                              SHA-256:15463F090528C171BA847DB047BDB11A9BE3EAC282F3C9D99860C6C52CF9327C
                                                                                                                                                                              SHA-512:60246814485FD82AE8C55EE1DC72A3EDAABA838577D95EEF0376723256A6814E1A10153CA490255D9DF220184BBDCD318514DBC50C470856768752B37608E26C
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              URL:https://shieldapps.com/wp-content/uploads/2015/06/box-identity-theft-preventer1.png
                                                                                                                                                                              Preview:.PNG........IHDR.......|.....jh.|....pHYs...#...#.x.?v...OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+...*..x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D..*.A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

                                                                                                                                                                              Chrome Cache Entry: 399

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              File Type:ASCII text, with very long lines (2782), with no line terminators
                                                                                                                                                                              Category:downloaded
                                                                                                                                                                              Size (bytes):2782
                                                                                                                                                                              Entropy (8bit):4.811213160723536
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:48:Tn79O/OgTv5vIoXJ8YpPt7Http2hov02n99vK2iP7ONvp99Ojv+9Oiv4Ovmvvpge:T7YPJXj7HtQS7n9htv9fNA
                                                                                                                                                                              MD5:78B10B5AB3274275E3AD29A5182C5053
                                                                                                                                                                              SHA1:67F4E3E6619D2A1AAC209876D35E1EB74EF703B2
                                                                                                                                                                              SHA-256:0D5F949FCF84560D013B596B51856D6BC487BEDC510BC712E82458F00B2506E5
                                                                                                                                                                              SHA-512:BBBB3D01A12C471B29A2B0666E0B3BB0DE15A34C915715D43EEA716988BFAB8CCF9F41817D277B0E7219280DA230FC7E145625D780F082B8431F476C2AB2D1EF
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              URL:https://shieldapps.com/wp-content/plugins/complianz-gdpr-premium/assets/css/cookieblocker.min.css?ver=1720730547
                                                                                                                                                                              Preview:.cmplz-video.cmplz-iframe-styles{background-color:transparent}.cmplz-video.cmplz-hidden{visibility:hidden !important}.cmplz-blocked-content-notice{display:none}.cmplz-placeholder-parent{height:inherit}.cmplz-optin .cmplz-blocked-content-container .cmplz-blocked-content-notice,.cmplz-optout .cmplz-blocked-content-container .cmplz-blocked-content-notice,.cmplz-optin .cmplz-wp-video .cmplz-blocked-content-notice,.cmplz-optout .cmplz-wp-video .cmplz-blocked-content-notice{display:block}.cmplz-blocked-content-container,.cmplz-wp-video{animation-name:cmplz-fadein;animation-duration:600ms;background:#FFF;border:0;border-radius:3px;box-shadow:0 0 1px 0 rgba(0,0,0,0.5),0 1px 10px 0 rgba(0,0,0,0.15);display:flex;justify-content:center;align-items:center;background-repeat:no-repeat !important;background-size:cover !important;height:inherit;position:relative}.cmplz-blocked-content-container.gmw-map-cover,.cmplz-wp-video.gmw-map-cover{max-height:100%;position:absolute}.cmplz-blocked-content-contain

                                                                                                                                                                              Chrome Cache Entry: 400

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              File Type:gzip compressed data, from Unix, original size modulo 2^32 5746
                                                                                                                                                                              Category:downloaded
                                                                                                                                                                              Size (bytes):1773
                                                                                                                                                                              Entropy (8bit):7.902497100326405
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:48:XOt7j/PX9pGPK9tIb2Xvu5+xhmuu1BfH0LiiMUD7fx:et7j/PX9pMM2bQiS81BfH0LXXx
                                                                                                                                                                              MD5:4175316CEA840BF01D38A948CB1E28A8
                                                                                                                                                                              SHA1:DAABB3E011723F1B620284F591DA355ED4F3565F
                                                                                                                                                                              SHA-256:A90F27B53E7986AEFFBB82E467DA35D775858977F74B7FF3F1EC024987E8159C
                                                                                                                                                                              SHA-512:4DD97744029F62B2C8AA10CE5F5F37C2E8B28DCE31952E25D9E27DC1E3243BAC082DB43DFFC7F74BEED54C9BB06A0BDAC13A7E3F05B253EB33DE3F7A64524B35
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              URL:https://shieldapps.com/wp-content/themes/shield-apps2/js/design.js?ver=6.6.2
                                                                                                                                                                              Preview:...........R.o.8.......[Q.%;Y..:u..v...EsH....hilqK..IY....oH....b./G$.5|3....R..+I/"..,.......D(........ .2Mj.G..,...K...n.n:...`.sr.Q.{.Z....+9.......f....o...7...@@r...-7...^].....Z..*.T9. o?....)F..i.[..N.S.i{e ,....(..\2....:...jF~....`.X....a.f>U....].F..W.G.>7&.....-.T.Cq.V.w.+...=$V..'..Y..N...W.8.s..VZ........n2L.f`NnU..2q..J{.Q[...q.=.w.e...'1.;`.hr.sy...|E..~...kry...R.Y......:.l...}A...36G.a..,{#.14.Sc...1v(O..[...l.sxM.....?.gO..0.\!..\....9.g...n...V..q"+...`2I.2.K...m..._.,...&J.Z.E+.*@.75&L6..._3..>.....5..x.v/5.Iz....W{.....o.~.7 K........&....L.#.,....~]..........b.S%.B.f....=...&...p..v...;.k.Rp.F.J..r..|#x..^!.9.;...C...Nc.;'.d.......J(....X....m.[.......i..R........V..iV)).......A.....i.RL.i..H,`e....e.). a..s..v.NmA.[..2.... .q.)...R=.9....b@....>.JZ..._.......PI.A..7 KG.I..k.wp...}...t.6.:...N..k......J(.).....EdL.g3.<,..j.....4.IrM^..A'`...ba..?|.YFC.X...g&$..O....b.M..3...(Vm...j.n..s..X-........7..y|U.j..Kx"{

                                                                                                                                                                              Chrome Cache Entry: 401

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              File Type:ASCII text, with very long lines (5945)
                                                                                                                                                                              Category:downloaded
                                                                                                                                                                              Size (bytes):336475
                                                                                                                                                                              Entropy (8bit):5.607342242740822
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6144:x4noGbgBu2o+k2639cM8Gp/C2Wdtu9BW24nOT:KnVcu2o+1dAEc
                                                                                                                                                                              MD5:B9ED7FF064174F92617C2E01FE5EEB46
                                                                                                                                                                              SHA1:738DA1A88D8A6D66C0442F7B328DB17C53E8471C
                                                                                                                                                                              SHA-256:16D7BD92E51753D9E3D23B65D5D15BCFEA4F97B5CE8F205ACC3F8157C2366D71
                                                                                                                                                                              SHA-512:E1CA2A6505C3FEB47E4E01FC4AAA13ECA0A36AB15B83DB29ACE5D82E4E5742FD71AF4A8BE4DE74C395676C57E46D6AB8F923B53259736A5456F1F96FC9D25351
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              URL:https://www.googletagmanager.com/gtag/js?id=GT-M38DBR2&l=dataLayer&cx=c
                                                                                                                                                                              Preview:.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"1",. . "macros":[{"function":"__e"},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0}],. "tags":[{"function":"__ogt_1p_data_v2","priority":15,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_cityType":"CSS_SELECTOR","vtp_manualEmailEnabled":false,"vtp_firstNameType":"CSS_SELECTOR","vtp_countryType":"CSS_SELECTOR","vtp_cityValue":"","vtp_emailType":"CSS_SELECTOR","vtp_regionType":"CSS_SELECTOR","vtp_autoEmailEnabled":true,"vtp_postalCodeValue":"","vtp_lastNameValue":"","vtp_phoneType":"CSS_SELECTOR","vtp_phoneValue":"","vtp_streetType":"CSS_SELECTOR","vtp_autoPhoneEnabled":false,"vtp_postalCodeType":"CSS_SELECTOR","vtp_emailValue":"","vtp_firstNameValue":"","vtp_streetValue":"","vtp_lastNameType":"CSS_SELECTOR","vtp_autoAddressEnabled":false,"vtp_regionValue":"","vtp_countryValue":"",

                                                                                                                                                                              Chrome Cache Entry: 402

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              File Type:PNG image data, 642 x 636, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                              Category:downloaded
                                                                                                                                                                              Size (bytes):199859
                                                                                                                                                                              Entropy (8bit):7.995320105934707
                                                                                                                                                                              Encrypted:true
                                                                                                                                                                              SSDEEP:6144:SUKKj6gTocXsGUSmMlj2aXgVBb1pEwMnAtp7on2b/FAf:SUZ8ccGU4lj2aXsB5pE9sJJbif
                                                                                                                                                                              MD5:E035F4ADB49B6BB292640EE444FE89AE
                                                                                                                                                                              SHA1:B734A24F49FA36F09BB1AB7886F49A0EEAECE789
                                                                                                                                                                              SHA-256:F1D404B6EA7B4ED74763D0520B8A84A3BAA1EB6189E21561CBD07B9646ACCFA8
                                                                                                                                                                              SHA-512:B5A979A971A6F892D518FE48F174806F1DC6745A15165AE40BD96E6573681B1851AF045B7EFF12F58D090FBDA5CAD0CB9BF70431E9F5B4328353CDB8E22D633A
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              URL:https://shieldapps.com/wp-content/uploads/2022/10/box-shield-antivirus1.png
                                                                                                                                                                              Preview:.PNG........IHDR.......|.....jh.|....pHYs...#...#.x.?v....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c142 79.160924, 2017/07/13-01:06:39 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmp:CreatorTool="Adobe Photoshop CC 2018 (Windows)" xmp:CreateDate="2022-10-04T16:42:11+02:00" xmp:ModifyDate="2022-10-04T17:01:43+02:00" xmp:MetadataDate="2022-10-04T17:01:43+02:00" dc:format="image/png" photoshop:ColorMode="3" photoshop:ICCProfile="sRGB IEC61966-2.1" xmpMM:InstanceID="xmp.iid:b698252f-9371-5548-86b8-af2c6a198927" xmpMM:DocumentID="xmp.did:b698252f-9371-5548-86b8-af2c6a198927" xmpMM:Origi

                                                                                                                                                                              Chrome Cache Entry: 403

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              File Type:gzip compressed data, from Unix, original size modulo 2^32 15356
                                                                                                                                                                              Category:downloaded
                                                                                                                                                                              Size (bytes):3867
                                                                                                                                                                              Entropy (8bit):7.946411767627541
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:96:mRfZfu39pWzPd5BBB2YYL+rVchAK+TmiVdU:mO39pWz15LZYSrahA9ab
                                                                                                                                                                              MD5:1ECD8A57CBC5B721A23119EA5C0E6CE2
                                                                                                                                                                              SHA1:F9D4332C44C9F8A8EB148A5D724D619289E4342B
                                                                                                                                                                              SHA-256:C6B520E5EFC7FAA1D1BCA259C0E63965B82E1370D5E495821D07F2793A62ABE7
                                                                                                                                                                              SHA-512:F07593A8F97A9B539CE132713D3B965F2120EFDE4D18C7E2E692BD89B1713E903E44A7C7A6F6BA7AD74739C29DC62373F8EC94915821B46D20DEB0020CE48984
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              URL:https://shieldapps.com/wp-content/uploads/complianz/css/banner-1-optout.css?v=30
                                                                                                                                                                              Preview:...........Rko.:..+.n4.....!..z.{.....e?.....T..)...i.o........C.NU.:uP7...o...U^A.......y.......[...Q.*a..P).k..h..V...6....I..L...c...F{.>ao....%B&..K....>...:[....5.S.....=...].IO....5....(c....?O....5..K......].[!.u....t..$...DM..a.W......H...h`.^.. y.$..j:?.../.jX...P.h%....+0f.e.......,...9.R...1.....z.~..h..z1:...........sh...r:I8..u..O<.A%..Y.~....g|x.......{.......Q......'...[.0r.....E;..Q....Z....x\.@....r.G......].K.......@{^...O.|r.d...K..;..)<..#...........w..><.e.R......c.g_?.Z..u.Zz.){.%l....G...^.;...M1N....4.Z..'F.y.5..."...v.W...w_d..W......V...!...!..\A.w....8.+.3.j.(T....dH..7....Gt.....q..h.....B.....FH...B.yk]P.1.=......y....Mn.......t.&...m....A...%..G..F.@Ri:7Jl..XR..X*qf.....{....M..O|...=_....wX.s....7......K....<Iz...2..j5H.lT..`....lL.z.sc.......*.r....<Y&U?W.3..:.',.*...U.8...Uc.v.,p.2e.X..LAA...M.i.....VhG+...Q....q......=....E.=.8..Y;r.j.e4.a......I...L...V.m,:!..."7....$+w~. a..rw..s

                                                                                                                                                                              Chrome Cache Entry: 404

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              File Type:ASCII text, with very long lines (17013)
                                                                                                                                                                              Category:downloaded
                                                                                                                                                                              Size (bytes):17540
                                                                                                                                                                              Entropy (8bit):5.188786559092967
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:EBuNlw11eJp2Th5U5d9+mZ519hpJPbrYitQDQJaUy:ECw11e/2vUNV19VPbrYPDQJa9
                                                                                                                                                                              MD5:7692DE9585288E1CB714EF6A3BA648C5
                                                                                                                                                                              SHA1:385C6366309A4BD6041A55B2B97A2004CAEC93AD
                                                                                                                                                                              SHA-256:29AFBC0910B1B451080478E7E42A62726E32AF2427EC1F8DAF3A04A3480D2EF9
                                                                                                                                                                              SHA-512:319E51E058073D763CB6D424A7E3C1A974FD55C9C4806DA90365FB689EE599C7D8FB572170455BD53F44AA9755C9A5095837CFEF5A7E0B988517894C0465761C
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              URL:https://shieldapps.com/wp-content/themes/shield-apps2/css/bootstrap.min.css?ver=6.6.2
                                                                                                                                                                              Preview:/*!. * Bootstrap v3.3.5 (http://getbootstrap.com). * Copyright 2011-2016 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */../*!. * Generated using the Bootstrap Customizer (http://getbootstrap.com/customize/?id=80bfdbd9481ac43ae635). * Config saved to config.json and https://gist.github.com/80bfdbd9481ac43ae635. *//*!. * Bootstrap v3.3.6 (http://getbootstrap.com). * Copyright 2011-2015 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). *//*! normalize.css v3.0.3 | MIT License | github.com/necolas/normalize.css */html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,menu,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{background-color:transparent}a:active,a:h

                                                                                                                                                                              Chrome Cache Entry: 405

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              File Type:gzip compressed data, from Unix, original size modulo 2^32 28249
                                                                                                                                                                              Category:downloaded
                                                                                                                                                                              Size (bytes):8079
                                                                                                                                                                              Entropy (8bit):7.960995187975505
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:nUoBoUu50Um44ONnIxE1WYZZ2SpKgu36WNlcM8HPtj:nUoB3Um43n+oZ4INuGP9
                                                                                                                                                                              MD5:279F0A5293963392C7D34B7E82FB0FA2
                                                                                                                                                                              SHA1:BE9A821D45ADE81F6C2109317270AAA997FD3284
                                                                                                                                                                              SHA-256:6B02509CB4A3887AEBBDE84F49F0B2E0D15AF37061D5D30A44846C99431A4FA0
                                                                                                                                                                              SHA-512:3A728F51D247F30C615CC7F7A49AF51681A88DF2E77971045B8B3EC8FFF63B8C94F50BCE2CAC96078E004AFF565EE9A1E21E6C5346D22498371149369F7351BE
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              URL:https://shieldapps.com/wp-content/plugins/formcraft3/dist/formcraft-common.css?ver=3.8.24
                                                                                                                                                                              Preview:...........r.s.6.._a.......eQ......2=..d..IoMM..H...,..$.....HI.>l....j.....q.9'*..sM...\..K...6,H..._...4'"x..."........B...`XB3"...`8...r....\..Y.....Xu].....&.8<.G.T0..C...r.{.4...4.@.-.Yn.{....+....=..D.D.Rb?*S.:.5.;..z..R.r..../'....f......k...+y....4..C..r.K....\..Q0b[.Ha-x6.......b...9...s3..n.o..w...wlUhR3.....2...a.^.......1.^........U.E.7..`GW.I.F+.o..*=..F.,.."..#........H"OT.m....d.L\.... LE.Z.3..Z.....J.WEQ.N.....}Q.,.]f....h4A.(..F(.C|.?.{M.(IFsx._...d./H.....b./nA.....\Is.v.v%...?.....ee.......Z\F....T..B...i....fe+....W.P(..r...h/...._:o...*p.".........V...vq54.P.$..D0..^gJ.%...x......i.q...F...%.da.|...Z.D.\b.....1.:m......b.=....0..p..X..p.j0..F.N.W..<.Ko.zL'.3e..O..V...&.4..k..}.m........lN....{..A%G.#...cA..&......Ktz~...`pu.Y{..Rs..........>m.i=A...J0,...P..,...1.Qgt..H.J.T0..B.;...^...B.f..`C......Y.Qbuz..9.!.....d..........[.....O.....I5...;V..nW..z..Y.w)5Y...:>.Fl..)...._..r.9St...Hno.%.....a..&....B-p.)8.s._..wN1..#<...

                                                                                                                                                                              Chrome Cache Entry: 406

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              File Type:ASCII text, with very long lines (5945)
                                                                                                                                                                              Category:downloaded
                                                                                                                                                                              Size (bytes):336442
                                                                                                                                                                              Entropy (8bit):5.607272129184987
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6144:x4noGbgBuco2k2639cM8Gp/t2Wdtu9BW24nOQ:KnVcuco2edAEj
                                                                                                                                                                              MD5:F0EF5464861DCAC54D680A5350053038
                                                                                                                                                                              SHA1:5DD3F792A8FDA6D805C2EEF51319BD686FB3F810
                                                                                                                                                                              SHA-256:18D5C55FAEFA3AE171353CDE6ABB0A2D2291A5301E45C20B74CD80BBEC68EADD
                                                                                                                                                                              SHA-512:86EB08CFB345E027AFE64DD6D9C9047BD7F377A1B87735E24652D14FE1B9677DCEB823E162A7FA57A4AD5167F770BF29FFA5CE9B81715E08B980F5D90EC92975
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              URL:https://www.googletagmanager.com/gtag/js?id=GT-M38DBR2
                                                                                                                                                                              Preview:.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"1",. . "macros":[{"function":"__e"},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0}],. "tags":[{"function":"__ogt_1p_data_v2","priority":15,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_cityType":"CSS_SELECTOR","vtp_manualEmailEnabled":false,"vtp_firstNameType":"CSS_SELECTOR","vtp_countryType":"CSS_SELECTOR","vtp_cityValue":"","vtp_emailType":"CSS_SELECTOR","vtp_regionType":"CSS_SELECTOR","vtp_autoEmailEnabled":true,"vtp_postalCodeValue":"","vtp_lastNameValue":"","vtp_phoneType":"CSS_SELECTOR","vtp_phoneValue":"","vtp_streetType":"CSS_SELECTOR","vtp_autoPhoneEnabled":false,"vtp_postalCodeType":"CSS_SELECTOR","vtp_emailValue":"","vtp_firstNameValue":"","vtp_streetValue":"","vtp_lastNameType":"CSS_SELECTOR","vtp_autoAddressEnabled":false,"vtp_regionValue":"","vtp_countryValue":"",

                                                                                                                                                                              Chrome Cache Entry: 407

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              File Type:gzip compressed data, from Unix, original size modulo 2^32 2537
                                                                                                                                                                              Category:downloaded
                                                                                                                                                                              Size (bytes):1135
                                                                                                                                                                              Entropy (8bit):7.787708562963399
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:24:XLPKCPK+rFfT//acTD/L63T/gUF9djWI5R6bdYfru9n:XL9K+t/CuP63HFHjWI5kJYfK9
                                                                                                                                                                              MD5:03973024BB9E064C0B04917FA7CDA0D7
                                                                                                                                                                              SHA1:3BA446528E0902416D4DB7D5D0DAADBD63D0C8C3
                                                                                                                                                                              SHA-256:5896DB523FE71C0F6CC57DF964D586DA5060F9A0532C3A3D710F6F68542CE2B7
                                                                                                                                                                              SHA-512:71192DBAB15E348C5CF65086B819686D9429A2CDEB074BBE5A461C6835259FFDDA7B640B87BA5D55D6643FC3DE71B5975D483BAC47ACBE5AEF7D0FA78BD65B58
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              URL:https://shieldapps.com/wp-content/themes/shield-apps2/js/ScrollToPlugin.min.js?ver=6.6.2
                                                                                                                                                                              Preview:...........R.n.6.}/..@...R...i...7H....d7i.#..Z.m&.(.Tl..w(.6.........s..:.>......>|....). ......S..NN.{'g.._..?....]....k8<.hfL...O....I.Iw.>f"..G..........O~.Y|.~.?..Ot.e...Hq..;O..y....R.!.u9~.AF"3..p5...T..ay.T.....M.r..Y9..@s>.s.q....,..Y.9....,.....)Z.3C.,...L.-.{V..T1......2..+.?~;..c..B..~Hd.iP.)....A....r..2-3...e!.....i&.,..-60.^.<..~.)B...%..o...K....pR..2..UP...Q"1A..64.Ii'D6.OY31.+..."......i..(.j..'R3...wn..pN..(.e...K.$..8{a.bc.V}.M.r$..z..q.......24...f.D..?.".....6..V.k..H..@N&..Z/k..?..f.....U.dq..<n.>.._.....;x.Z..SrA..,ra....VXG..........vw...j6...j...+..o5V.n...:r.0YMU...'..YF...;.vN]xI.v...;B.....S...B4/-.".A.VI.GK..b.....L.Q.r....(V6.....;'m...-.0..F.....(jlL..(.h.dK......RyT*G.j.T....T{T..J.d..7....A...@.+..IX.9z&.ZH...kp.I....p.p.....`..w.T.vh.}...<.p...u...Q.+B.....{.D........../..0.[.Z.{X.o+0y....y".m..^.+.......Y......3..._.h...a.....(....{..V.(.z..l...&{.9.........k.>.j.R....H.BI#MU."s...;......T9...

                                                                                                                                                                              Chrome Cache Entry: 408

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              File Type:PNG image data, 642 x 636, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                              Category:downloaded
                                                                                                                                                                              Size (bytes):185712
                                                                                                                                                                              Entropy (8bit):7.992223104935724
                                                                                                                                                                              Encrypted:true
                                                                                                                                                                              SSDEEP:3072:AMeXeOcVKUgD59QujjNpChacUJDKjK+yDbDDdaXK2F07pFk3E4:AMeuVQD59JNCacODK2XdaXHF0NFk3F
                                                                                                                                                                              MD5:BAABD7D20A6D258D887D73B58D4B4D4A
                                                                                                                                                                              SHA1:7B17A96FF6AB75E9EC217DBDB191666EC74D0E6D
                                                                                                                                                                              SHA-256:BEAA8EAFE763CF068945A66DA8C7EF0A70268C9C711B54C7201958806EA0C7B3
                                                                                                                                                                              SHA-512:0A918E241DBB379D36F1D0CFFE2258041C009A05C3C0D09D2C4735647CD5FA4C45A23B4FCF702D3C952A035933AF5F07D7D71A8E6B4C94509A44565F05753EE3
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              URL:https://shieldapps.com/wp-content/uploads/2015/03/box-shieldapps-cyber-privacy1.png
                                                                                                                                                                              Preview:.PNG........IHDR.......|.....jh.|....pHYs...#...#.x.?v...OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+...*..x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D..*.A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

                                                                                                                                                                              Chrome Cache Entry: 409

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              File Type:gzip compressed data, from Unix, original size modulo 2^32 40430
                                                                                                                                                                              Category:downloaded
                                                                                                                                                                              Size (bytes):14825
                                                                                                                                                                              Entropy (8bit):7.977383844386986
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:384:f9Wn7uwHh5zv0Z2Hm92M3WHimPT2yrH73k1mvIhF8YBfRh:f9WXqj4MGX1T9IT8Yvh
                                                                                                                                                                              MD5:AC4D4AD689B5154893966831A5D55A79
                                                                                                                                                                              SHA1:FE9C33733102F55FEFEA3D6C3CDBC40CA6AB2E66
                                                                                                                                                                              SHA-256:F965746E2186B632E23FBF84C3EE558FC5F395BD738E961604E59600C0C7003B
                                                                                                                                                                              SHA-512:A6EA590E986AF14E4E6B3F0C570DD4751CE87907F819AC61EA5C418CFA5A44F3759590FAEABA442EF8D9A02F0878EA6E176BF945920AF03DA17FB0513F7002C3
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              URL:https://shieldapps.com/wp-content/plugins/complianz-gdpr-premium/cookiebanner/js/complianz.min.js?ver=1720730544
                                                                                                                                                                              Preview:.............w.9.,.W..}..X.fv..#v..G...<..myv...n]..$a.@5.E.&.._.>.%Jv....H"3###.U.".NId.qe$*k"9+..\:..9h......+..+..;m..]...`.L..2...8..&.9B.E...L$_m..r...G .j....(..h...<...}I.7..[.|....UW-.Si.e..v<.......S".. m....."...=.xp<-....^fB...#......."i.]Y.O..........m"<......-./.7Z.,.......!.}*..0...GD..].9......0%.. ..U.1+...$.&.-.O....z.$0>.....M.....P.......q..\..}.^.,.....~F,......*.F...'.HKW*a....gl_.W..1.+..9O %.[..A..1k.....0Q...Nn...a.)b.....C.S.3;..N(L..h21.|......z......&.1../.....T/.*q...&..2yS&.-x"..0e.2t....l..?07....(.............lc...(.9>...KG.P(.;..73../.A.....f....q...g.N..c\G...G.]5SohU...wA.6.9.1.-.&.-cSi....#.<.=....B....(.dJ.5....d.&.XBZ...n4....P|...0b../om..B...Fs."Ld.P...T[.N.t.`<.\.2I.-..f...`.f.3...v.....O.s....e.'..$>D<.H.'.m."..5...\.-b.....me......h..~I....|....<i..tV.O6^Q.LF0.se.%.3kq.6...~J./.....3.G..&cg..NS'.~VS.mn.....A......../.g.&.c.. >O......k.1..+.p.^....._Rt.0.t.U..$..v3...v..P."fW.G;..0>t..3Q._.

                                                                                                                                                                              Chrome Cache Entry: 410

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              File Type:PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                              Category:downloaded
                                                                                                                                                                              Size (bytes):322
                                                                                                                                                                              Entropy (8bit):5.441277019704023
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6:6v/lhPfZM2jhmmihH7vdQg9sMEdUjH/aGZymRmjwLfsO8Zp:6v/7C2L2bvdQnZWvymRmeuX
                                                                                                                                                                              MD5:C29F37B35108559C684D3029398A8BD2
                                                                                                                                                                              SHA1:716618CF9DB16A0F5A62306ABD14B05FFCE101BC
                                                                                                                                                                              SHA-256:756EC78AFBAC24DFA32D460BDD82462C246594A63AF87D5398D548BAB683681B
                                                                                                                                                                              SHA-512:FB30A0A9BA90D26C9056A8DD46CCF3CBB7E2FE91501D3CF897CC0BA189432EA68AD5A214FB6957452F660FE71233950E339B574E1B95EBD7CB4B42F84BB2BB13
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              URL:https://shieldapps.com/wp-content/uploads/2022/03/palceholder.png
                                                                                                                                                                              Preview:.PNG........IHDR....................pHYs..........+......tIME.......#d.....tEXtAuthor....H....tEXtDescription...!#....tEXtCopyright....:....tEXtCreation time.5.......tEXtSoftware.]p.:....tEXtDisclaimer.........tEXtWarning........tEXtSource.........tEXtComment........tEXtTitle....'....IDAT..c...?........4....IEND.B`.

                                                                                                                                                                              Chrome Cache Entry: 411

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                              Category:downloaded
                                                                                                                                                                              Size (bytes):46971
                                                                                                                                                                              Entropy (8bit):5.480394748088526
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:768:TP2B8BAB9BIBDBjB2uzFRpi0MerX/+FEFTHvQldVoCYUvaROcGviVHBBBdBmB0Be:o7
                                                                                                                                                                              MD5:E66A53231C34FD54ABDBA637CB2CD1D2
                                                                                                                                                                              SHA1:377E838C103EE742D85774FF93CE0D932F58D5AA
                                                                                                                                                                              SHA-256:464AC43ED4292EAFD9C5EA39D769E446EB23F50A0A2024A43FF8EC07B6EADBEC
                                                                                                                                                                              SHA-512:EA1F85393E8321A709AE4C16D69AA499C6ED275F9EC749D152894371A832F9167ABEA1176212922B8A02499E1C0AB84540106F36BBFC959CBD278B46BBFB943E
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              URL:https://fonts.googleapis.com/css?family=Bitter%3A400%2C700%2C400italic%7CRoboto%3A400%2C100%2C100italic%2C300%2C300italic%2C400italic%2C500%2C500italic%2C700%2C700italic%2C900%2C900italic%7CRoboto+Condensed%3A400%2C300%2C300italic%2C400italic%2C700%2C700italic&ver=6.6.2
                                                                                                                                                                              Preview:/* cyrillic-ext */.@font-face {. font-family: 'Bitter';. font-style: italic;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/bitter/v36/raxjHiqOu8IVPmn7epZnDMyKBvHf5D6c4Pz-UnByjeU.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C8A, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./* cyrillic */.@font-face {. font-family: 'Bitter';. font-style: italic;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/bitter/v36/raxjHiqOu8IVPmn7epZnDMyKBvHf5D6c4Pz-W3ByjeU.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./* vietnamese */.@font-face {. font-family: 'Bitter';. font-style: italic;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/bitter/v36/raxjHiqOu8IVPmn7epZnDMyKBvHf5D6c4Pz-UHByjeU.woff2) format('woff2');. unicode-range: U+0102-0103, U+0110-0111, U+0128-0129, U+0168-0169, U+01A0-01A1, U+01AF-01B0, U+0300-0301, U+0303-0304, U+0308-0309, U+0323, U+0329, U+1EA0-1EF9, U+20AB;.}./* latin-ext */.

                                                                                                                                                                              Chrome Cache Entry: 412

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              File Type:PNG image data, 221 x 147, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                              Category:downloaded
                                                                                                                                                                              Size (bytes):26000
                                                                                                                                                                              Entropy (8bit):7.986228012326476
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:384:KXE05M2GxRI/wM8DLKMV1nByQjQ8ieRz7pXemzN2ZiwbxU9UUyY38uttVE5Tir2p:w35tuRInsLVB/d7Qbm9Lt381ipaA+
                                                                                                                                                                              MD5:D6308FF411BD21D9B7A857BB96B837F6
                                                                                                                                                                              SHA1:24290BE3D48C3F65B35E0BFBC9FFB7461FE49F74
                                                                                                                                                                              SHA-256:AA77988ED10C9DA58B0DC6A8A1A6DE2F23AD61A39D4249C56825EAADCBF99995
                                                                                                                                                                              SHA-512:BC1F76EC7B768E5F76E6C7C5BE054E56B42C4060A0B5469A45167F508FD5B70721B604F725A469EF20209F4E11646E9EF174C93128E9983AE1FBD8C80D2FB272
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              URL:https://shieldapps.com/wp-content/uploads/2020/02/partner_logos_c.png
                                                                                                                                                                              Preview:.PNG........IHDR.....................pHYs...#...#.x.?v...OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+...*..x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D..*.A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

                                                                                                                                                                              Chrome Cache Entry: 413

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              File Type:gzip compressed data, from Unix, original size modulo 2^32 880
                                                                                                                                                                              Category:downloaded
                                                                                                                                                                              Size (bytes):472
                                                                                                                                                                              Entropy (8bit):7.52309066707105
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6:XtSBMfGDvfASHRtBjJQzX/0KkFL+YoPYnjvMcuKMiOelPnpp0Vk1iUflr2IWpBF+:X0AGEKt16zX/0KnOocFMKNP0V8itdp9A
                                                                                                                                                                              MD5:A8F020E6B12E4669452A1ED0C89ADE58
                                                                                                                                                                              SHA1:3D64FF4064CA0D0546ACBC6E379CF182F435F2AD
                                                                                                                                                                              SHA-256:B270510E1C31428E475896BC32487EF50A2425AE793EA5662A2B09826E2E1F89
                                                                                                                                                                              SHA-512:094E8494AD8B0BF4F99A54876A3AA31CF46840E8C89ED812000D4D19991BA6073DC56978415D78ED83DCFB80668DE79019DF9D51947787A3188C0546823AF9DB
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              URL:https://shieldapps.com/wp-content/themes/shield-apps2/js/skip-link-focus-fix.js?ver=20151215
                                                                                                                                                                              Preview:............Qo.@...Oa.iMJsa....@CT......K.$..]t.4..;wi.6.=,.S.....v:..0./. ...ICj..:.lR.^....}.WlZ.=q.2..Z.!>@..l.ii..9@g.Lyk.F.V.\B...e.V.t..-.[.........b...;i..-f.bx.J.........k..,-F. U....`.I3...$..0....i.Hx!K.$.z.Z.......#jd].a@%D.L}..s4]....p..zt.|.7?.V.w...{!..z..d......<.ubji............F..;.....,.RU.../|d.G9.....+w....7._..g.`..yd<..H`.;...}?..X..3....j=d< ...>..`]@.....!....,...,....F....->Q..sf+.K'.o/.dO..Sm....n....%.......[).Mp...

                                                                                                                                                                              Static File Info

                                                                                                                                                                              General

                                                                                                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Entropy (8bit):7.830936171823949
                                                                                                                                                                              TrID:
                                                                                                                                                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                              • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                              File name:PCPrivacyShieldSetup.exe
                                                                                                                                                                              File size:14'903'080 bytes
                                                                                                                                                                              MD5:36e634c5cd1d301df846df0d28f0db50
                                                                                                                                                                              SHA1:1daa5039a206eac01555c0554bc0772e477a9dca
                                                                                                                                                                              SHA256:681b61911a4e840540afad0f05af5669140e86d7c9d8a1377d50483d4e5d2352
                                                                                                                                                                              SHA512:133611c233be9b3f4db95514d7e25196c6fe1daf8aa76fdffe572ebd98e00a9f2fc918b7d02c0c6c9b28d45f54aa63c92d15486dffbb0100cde4072104d32c18
                                                                                                                                                                              SSDEEP:393216:lFx5CgKOlGO6btZkqF+vSW14FhXBDaRlISplQ2gOoW:7xwzOw7bgqFHnx+RMI
                                                                                                                                                                              TLSH:3BE60121764AC43BC66301B01A6C9A9E5228AF714BB654D7B3CC2E7F5BB45C31633E27
                                                                                                                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......g..j#..9#..9#..9...8...9...8...9...8"..9l..80..9l..8:..9l..8J..9...89..9...8 ..9...8"..9#..9...9...8[..9..}9"..9#..9"..9...8"..

                                                                                                                                                                              File Icon

                                                                                                                                                                              Icon Hash:07e78db1b149278e

                                                                                                                                                                              Static PE Info

                                                                                                                                                                              General

                                                                                                                                                                              Entrypoint:0x5d0974
                                                                                                                                                                              Entrypoint Section:.text
                                                                                                                                                                              Digitally signed:true
                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                              Subsystem:windows gui
                                                                                                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                                                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                              Time Stamp:0x63C67ABF [Tue Jan 17 10:38:55 2023 UTC]
                                                                                                                                                                              TLS Callbacks:
                                                                                                                                                                              CLR (.Net) Version:
                                                                                                                                                                              OS Version Major:6
                                                                                                                                                                              OS Version Minor:0
                                                                                                                                                                              File Version Major:6
                                                                                                                                                                              File Version Minor:0
                                                                                                                                                                              Subsystem Version Major:6
                                                                                                                                                                              Subsystem Version Minor:0
                                                                                                                                                                              Import Hash:8708d1fe1b5ff509570e29ce51663405

                                                                                                                                                                              Authenticode Signature

                                                                                                                                                                              Signature Valid:true
                                                                                                                                                                              Signature Issuer:CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB
                                                                                                                                                                              Signature Validation Error:The operation completed successfully
                                                                                                                                                                              Error Number:0
                                                                                                                                                                              Not Before, Not After
                                                                                                                                                                              • 28/12/2022 00:00:00 28/12/2023 23:59:59
                                                                                                                                                                              Subject Chain
                                                                                                                                                                              • CN=MOL Venture Inc, O=MOL Venture Inc, S=California, C=US, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=3633215
                                                                                                                                                                              Version:3
                                                                                                                                                                              Thumbprint MD5:F5E180E5177E238D1EACFCBAC8AD24CC
                                                                                                                                                                              Thumbprint SHA-1:050872599FF75C68D7FE5E361BF4C8F71AA24A08
                                                                                                                                                                              Thumbprint SHA-256:5A562E1E7A0C6233E1F9FFB4AF0200D701A38B506A67C7F9FC5AF4251B1C6546
                                                                                                                                                                              Serial:008BD600AE206934A3EFBB525F695229EB

                                                                                                                                                                              Entrypoint Preview

                                                                                                                                                                              Instruction
                                                                                                                                                                              call 00007F5B1C82A29Bh
                                                                                                                                                                              jmp 00007F5B1C829ACFh
                                                                                                                                                                              mov ecx, dword ptr [ebp-0Ch]
                                                                                                                                                                              mov dword ptr fs:[00000000h], ecx
                                                                                                                                                                              pop ecx
                                                                                                                                                                              pop edi
                                                                                                                                                                              pop edi
                                                                                                                                                                              pop esi
                                                                                                                                                                              pop ebx
                                                                                                                                                                              mov esp, ebp
                                                                                                                                                                              pop ebp
                                                                                                                                                                              push ecx
                                                                                                                                                                              ret
                                                                                                                                                                              mov ecx, dword ptr [ebp-10h]
                                                                                                                                                                              xor ecx, ebp
                                                                                                                                                                              call 00007F5B1C829123h
                                                                                                                                                                              jmp 00007F5B1C829C32h
                                                                                                                                                                              push eax
                                                                                                                                                                              push dword ptr fs:[00000000h]
                                                                                                                                                                              lea eax, dword ptr [esp+0Ch]
                                                                                                                                                                              sub esp, dword ptr [esp+0Ch]
                                                                                                                                                                              push ebx
                                                                                                                                                                              push esi
                                                                                                                                                                              push edi
                                                                                                                                                                              mov dword ptr [eax], ebp
                                                                                                                                                                              mov ebp, eax
                                                                                                                                                                              mov eax, dword ptr [006E4020h]
                                                                                                                                                                              xor eax, ebp
                                                                                                                                                                              push eax
                                                                                                                                                                              push dword ptr [ebp-04h]
                                                                                                                                                                              mov dword ptr [ebp-04h], FFFFFFFFh
                                                                                                                                                                              lea eax, dword ptr [ebp-0Ch]
                                                                                                                                                                              mov dword ptr fs:[00000000h], eax
                                                                                                                                                                              ret
                                                                                                                                                                              push eax
                                                                                                                                                                              push dword ptr fs:[00000000h]
                                                                                                                                                                              lea eax, dword ptr [esp+0Ch]
                                                                                                                                                                              sub esp, dword ptr [esp+0Ch]
                                                                                                                                                                              push ebx
                                                                                                                                                                              push esi
                                                                                                                                                                              push edi
                                                                                                                                                                              mov dword ptr [eax], ebp
                                                                                                                                                                              mov ebp, eax
                                                                                                                                                                              mov eax, dword ptr [006E4020h]
                                                                                                                                                                              xor eax, ebp
                                                                                                                                                                              push eax
                                                                                                                                                                              mov dword ptr [ebp-10h], eax
                                                                                                                                                                              push dword ptr [ebp-04h]
                                                                                                                                                                              mov dword ptr [ebp-04h], FFFFFFFFh
                                                                                                                                                                              lea eax, dword ptr [ebp-0Ch]
                                                                                                                                                                              mov dword ptr fs:[00000000h], eax
                                                                                                                                                                              ret
                                                                                                                                                                              push eax
                                                                                                                                                                              push dword ptr fs:[00000000h]
                                                                                                                                                                              lea eax, dword ptr [esp+0Ch]
                                                                                                                                                                              sub esp, dword ptr [esp+0Ch]
                                                                                                                                                                              push ebx
                                                                                                                                                                              push esi
                                                                                                                                                                              push edi
                                                                                                                                                                              mov dword ptr [eax], ebp
                                                                                                                                                                              mov ebp, eax
                                                                                                                                                                              mov eax, dword ptr [006E4020h]
                                                                                                                                                                              xor eax, ebp
                                                                                                                                                                              push eax
                                                                                                                                                                              mov dword ptr [ebp-10h], esp
                                                                                                                                                                              push dword ptr [ebp-04h]
                                                                                                                                                                              mov dword ptr [ebp-04h], FFFFFFFFh
                                                                                                                                                                              lea eax, dword ptr [ebp-0Ch]
                                                                                                                                                                              mov dword ptr fs:[00000000h], eax

                                                                                                                                                                              Data Directories

                                                                                                                                                                              NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_IMPORT0x2e227c0x28.rdata
                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_RESOURCE0x2f10000x3c2b4.rsrc
                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_SECURITY0xe339980x2d90
                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_BASERELOC0x32e0000x279d0.reloc
                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_DEBUG0x2881980x70.rdata
                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_TLS0x2882400x18.rdata
                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x259d500x40.rdata
                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_IAT0x2580000x2e8.rdata
                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x2df6280x260.rdata
                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                              Sections

                                                                                                                                                                              NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                              .text0x10000x2565c60x256600c43bb55749d4e6afe074ae4c5e928207unknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                              .rdata0x2580000x8b3620x8b4003578b0734f9c16d4148e671e512ef780False0.31233344086624776DOS executable (COM, 0x8C-variant)4.589712057407983IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                              .data0x2e40000xcf400x3a0098a0743219f09331732fa18ef3daa47cFalse0.26939655172413796data4.759003999867924IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                              .rsrc0x2f10000x3c2b40x3c4004423bc5a54d5e836da6d16dbff6488fcFalse0.17042839081950206data4.636436086582563IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                              .reloc0x32e0000x279d00x27a0004f61920e069cd0bab2a0ec44e678ec9False0.4466926261829653data6.522091148848096IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                                                              Resources

                                                                                                                                                                              NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                              RT_BITMAP0x2f19a00x13eDevice independent bitmap graphic, 32 x 16 x 4, image size 258, resolution 2834 x 2834 px/m, 5 important colorsEnglishUnited States0.25471698113207547
                                                                                                                                                                              RT_BITMAP0x2f1ae00x828Device independent bitmap graphic, 32 x 16 x 32, image size 0EnglishUnited States0.03017241379310345
                                                                                                                                                                              RT_BITMAP0x2f23080x48a8Device independent bitmap graphic, 290 x 16 x 32, image size 0EnglishUnited States0.11881720430107527
                                                                                                                                                                              RT_BITMAP0x2f6bb00xa6aDevice independent bitmap graphic, 320 x 16 x 4, image size 2562, resolution 2834 x 2834 px/mEnglishUnited States0.21680420105026257
                                                                                                                                                                              RT_BITMAP0x2f761c0x152Device independent bitmap graphic, 32 x 16 x 4, image size 258, resolution 2834 x 2834 px/m, 10 important colorsEnglishUnited States0.5295857988165681
                                                                                                                                                                              RT_BITMAP0x2f77700x828Device independent bitmap graphic, 32 x 16 x 32, image size 0EnglishUnited States0.4875478927203065
                                                                                                                                                                              RT_ICON0x2f7f980x28b5PNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9566260435658765
                                                                                                                                                                              RT_ICON0x2fa8500x10828Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 11811 x 11811 px/mEnglishUnited States0.08357979415592097
                                                                                                                                                                              RT_ICON0x30b0780x4228Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 11811 x 11811 px/mEnglishUnited States0.16190363722248466
                                                                                                                                                                              RT_ICON0x30f2a00x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 11811 x 11811 px/mEnglishUnited States0.21784232365145229
                                                                                                                                                                              RT_ICON0x3118480x1a68Device independent bitmap graphic, 40 x 80 x 32, image size 6400, resolution 11811 x 11811 px/mEnglishUnited States0.2485207100591716
                                                                                                                                                                              RT_ICON0x3132b00x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 11811 x 11811 px/mEnglishUnited States0.2579737335834897
                                                                                                                                                                              RT_ICON0x3143580x988Device independent bitmap graphic, 24 x 48 x 32, image size 2304, resolution 11811 x 11811 px/mEnglishUnited States0.3176229508196721
                                                                                                                                                                              RT_ICON0x314ce00x6b8Device independent bitmap graphic, 20 x 40 x 32, image size 1600, resolution 11811 x 11811 px/mEnglishUnited States0.3470930232558139
                                                                                                                                                                              RT_ICON0x3153980x468Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 11811 x 11811 px/mEnglishUnited States0.3829787234042553
                                                                                                                                                                              RT_DIALOG0x3158000xacdataEnglishUnited States0.7151162790697675
                                                                                                                                                                              RT_DIALOG0x3158ac0xccdataEnglishUnited States0.6911764705882353
                                                                                                                                                                              RT_DIALOG0x3159780x1b4dataEnglishUnited States0.5458715596330275
                                                                                                                                                                              RT_DIALOG0x315b2c0x136dataEnglishUnited States0.6064516129032258
                                                                                                                                                                              RT_DIALOG0x315c640x4cdataEnglishUnited States0.8289473684210527
                                                                                                                                                                              RT_STRING0x315cb00x234dataEnglishUnited States0.4645390070921986
                                                                                                                                                                              RT_STRING0x315ee40x182dataEnglishUnited States0.5103626943005182
                                                                                                                                                                              RT_STRING0x3160680x50dataEnglishUnited States0.7375
                                                                                                                                                                              RT_STRING0x3160b80x9adataEnglishUnited States0.37662337662337664
                                                                                                                                                                              RT_STRING0x3161540x2f6dataEnglishUnited States0.449868073878628
                                                                                                                                                                              RT_STRING0x31644c0x5c0dataEnglishUnited States0.3498641304347826
                                                                                                                                                                              RT_STRING0x316a0c0x3c2dataEnglishUnited States0.35343035343035345
                                                                                                                                                                              RT_STRING0x316dd00x100dataEnglishUnited States0.5703125
                                                                                                                                                                              RT_STRING0x316ed00x484dataEnglishUnited States0.39186851211072665
                                                                                                                                                                              RT_STRING0x3173540x1eadataEnglishUnited States0.44081632653061226
                                                                                                                                                                              RT_STRING0x3175400x18adataEnglishUnited States0.5228426395939086
                                                                                                                                                                              RT_STRING0x3176cc0x216Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0EnglishUnited States0.46254681647940077
                                                                                                                                                                              RT_STRING0x3178e40x624dataEnglishUnited States0.3575063613231552
                                                                                                                                                                              RT_STRING0x317f080x660dataEnglishUnited States0.3474264705882353
                                                                                                                                                                              RT_STRING0x3185680x2e2dataEnglishUnited States0.4037940379403794
                                                                                                                                                                              RT_GROUP_ICON0x31884c0x84dataEnglishUnited States0.7121212121212122
                                                                                                                                                                              RT_VERSION0x3188d00x2f8dataEnglishUnited States0.44473684210526315
                                                                                                                                                                              RT_HTML0x318bc80x3835ASCII text, with very long lines (443), with CRLF line terminatorsEnglishUnited States0.08298005420807561
                                                                                                                                                                              RT_HTML0x31c4000x1316ASCII text, with CRLF line terminatorsEnglishUnited States0.18399508800654932
                                                                                                                                                                              RT_HTML0x31d7180x52bHTML document, ASCII text, with CRLF line terminatorsEnglishUnited States0.36281179138321995
                                                                                                                                                                              RT_HTML0x31dc440x6acdHTML document, ASCII text, with CRLF line terminatorsEnglishUnited States0.10679931238798873
                                                                                                                                                                              RT_HTML0x3247140x6a2HTML document, ASCII text, with CRLF line terminatorsEnglishUnited States0.3486454652532391
                                                                                                                                                                              RT_HTML0x324db80x104aHTML document, ASCII text, with CRLF line terminatorsEnglishUnited States0.2170263788968825
                                                                                                                                                                              RT_HTML0x325e040x15b1HTML document, ASCII text, with CRLF line terminatorsEnglishUnited States0.17612101566720692
                                                                                                                                                                              RT_HTML0x3273b80x205cexported SGML document, ASCII text, with very long lines (659), with CRLF line terminatorsEnglishUnited States0.13604538870111058
                                                                                                                                                                              RT_HTML0x3294140x368dHTML document, ASCII text, with CRLF line terminatorsEnglishUnited States0.10834228428213391
                                                                                                                                                                              RT_MANIFEST0x32caa40x80fXML 1.0 document, ASCII text, with CRLF, LF line terminatorsEnglishUnited States0.40814348036839554

                                                                                                                                                                              Imports

                                                                                                                                                                              DLLImport
                                                                                                                                                                              KERNEL32.dllCreateFileW, CloseHandle, WriteFile, DeleteFileW, HeapDestroy, HeapSize, HeapReAlloc, HeapFree, HeapAlloc, GetProcessHeap, SizeofResource, LockResource, LoadResource, FindResourceW, FindResourceExW, CreateEventExW, WaitForSingleObject, SetEvent, RemoveDirectoryW, GetProcAddress, GetModuleHandleW, GetTempPathW, GetTempFileNameW, CreateDirectoryW, MoveFileW, GetLastError, EnterCriticalSection, LeaveCriticalSection, GetModuleFileNameW, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, GetCurrentThreadId, RaiseException, SetLastError, GlobalUnlock, GlobalLock, GlobalAlloc, MulDiv, lstrcmpW, CreateEventW, FindClose, FindFirstFileW, GetFullPathNameW, InitializeCriticalSection, lstrcpynW, CreateThread, LoadLibraryExW, GetCurrentProcess, Sleep, WideCharToMultiByte, GetDiskFreeSpaceExW, DecodePointer, GetExitCodeThread, GetCurrentProcessId, FreeLibrary, GetSystemDirectoryW, lstrlenW, VerifyVersionInfoW, VerSetConditionMask, lstrcmpiW, LoadLibraryW, GetDriveTypeW, CompareStringW, FindNextFileW, GetLogicalDriveStringsW, GetFileSize, GetFileAttributesW, GetShortPathNameW, SetFileAttributesW, GetFileTime, CopyFileW, ReadFile, SetFilePointer, SetFileTime, SystemTimeToFileTime, MultiByteToWideChar, GetSystemInfo, WaitForMultipleObjects, GetVersionExW, VirtualProtect, VirtualQuery, LoadLibraryExA, GetStringTypeW, SetUnhandledExceptionFilter, FileTimeToSystemTime, GetEnvironmentVariableW, GetSystemTime, GetDateFormatW, GetTimeFormatW, GetLocaleInfoW, CreateProcessW, GetExitCodeProcess, GetWindowsDirectoryW, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, FormatMessageW, GetEnvironmentStringsW, LocalFree, InitializeCriticalSectionEx, LoadLibraryA, GetModuleFileNameA, GetCurrentThread, GetConsoleOutputCP, FlushFileBuffers, Wow64DisableWow64FsRedirection, Wow64RevertWow64FsRedirection, IsWow64Process, SetConsoleTextAttribute, GetStdHandle, GetConsoleScreenBufferInfo, OutputDebugStringW, GetTickCount, GetCommandLineW, SetCurrentDirectoryW, SetEndOfFile, EnumResourceLanguagesW, GetSystemDefaultLangID, GetUserDefaultLangID, GetLocalTime, ResetEvent, GlobalFree, GetPrivateProfileStringW, GetPrivateProfileSectionNamesW, WritePrivateProfileStringW, CreateNamedPipeW, ConnectNamedPipe, TerminateThread, LocalAlloc, CompareFileTime, CopyFileExW, OpenEventW, PeekNamedPipe, WaitForSingleObjectEx, QueryPerformanceCounter, QueryPerformanceFrequency, EncodePointer, LCMapStringEx, CompareStringEx, GetCPInfo, GetSystemTimeAsFileTime, IsDebuggerPresent, InitializeSListHead, InterlockedPopEntrySList, InterlockedPushEntrySList, FlushInstructionCache, IsProcessorFeaturePresent, VirtualAlloc, VirtualFree, UnhandledExceptionFilter, TerminateProcess, GetStartupInfoW, RtlUnwind, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, ExitThread, FreeLibraryAndExitThread, GetModuleHandleExW, ExitProcess, GetFileType, LCMapStringW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetTimeZoneInformation, GetConsoleMode, GetFileSizeEx, SetFilePointerEx, FindFirstFileExW, IsValidCodePage, GetACP, GetOEMCP, GetCommandLineA, FreeEnvironmentStringsW, SetEnvironmentVariableW, SetStdHandle, ReadConsoleW, WriteConsoleW, GetProcessAffinityMask, GetModuleHandleA, GlobalMemoryStatus, ReleaseSemaphore, CreateSemaphoreW

                                                                                                                                                                              Possible Origin

                                                                                                                                                                              Language of compilation systemCountry where language is spokenMap
                                                                                                                                                                              EnglishUnited States

                                                                                                                                                                              Network Behavior

                                                                                                                                                                              Network Port Distribution

                                                                                                                                                                              TCP Packets

                                                                                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                              Oct 30, 2024 17:52:02.708312035 CET49675443192.168.2.4173.222.162.32
                                                                                                                                                                              Oct 30, 2024 17:52:15.440948963 CET49733443192.168.2.420.109.210.53
                                                                                                                                                                              Oct 30, 2024 17:52:15.440992117 CET4434973320.109.210.53192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:15.441063881 CET49733443192.168.2.420.109.210.53
                                                                                                                                                                              Oct 30, 2024 17:52:15.442852020 CET49733443192.168.2.420.109.210.53
                                                                                                                                                                              Oct 30, 2024 17:52:15.442862034 CET4434973320.109.210.53192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:16.255938053 CET4434973320.109.210.53192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:16.256007910 CET49733443192.168.2.420.109.210.53
                                                                                                                                                                              Oct 30, 2024 17:52:16.334809065 CET49733443192.168.2.420.109.210.53
                                                                                                                                                                              Oct 30, 2024 17:52:16.334840059 CET4434973320.109.210.53192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:16.335155010 CET4434973320.109.210.53192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:16.380227089 CET49733443192.168.2.420.109.210.53
                                                                                                                                                                              Oct 30, 2024 17:52:17.345005989 CET49733443192.168.2.420.109.210.53
                                                                                                                                                                              Oct 30, 2024 17:52:17.391339064 CET4434973320.109.210.53192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:17.611967087 CET4434973320.109.210.53192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:17.611995935 CET4434973320.109.210.53192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:17.612005949 CET4434973320.109.210.53192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:17.612010956 CET4434973320.109.210.53192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:17.612051010 CET4434973320.109.210.53192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:17.612061024 CET49733443192.168.2.420.109.210.53
                                                                                                                                                                              Oct 30, 2024 17:52:17.612077951 CET4434973320.109.210.53192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:17.612087011 CET49733443192.168.2.420.109.210.53
                                                                                                                                                                              Oct 30, 2024 17:52:17.612099886 CET49733443192.168.2.420.109.210.53
                                                                                                                                                                              Oct 30, 2024 17:52:17.612123966 CET49733443192.168.2.420.109.210.53
                                                                                                                                                                              Oct 30, 2024 17:52:17.613039970 CET4434973320.109.210.53192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:17.613092899 CET49733443192.168.2.420.109.210.53
                                                                                                                                                                              Oct 30, 2024 17:52:17.613096952 CET4434973320.109.210.53192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:17.613116980 CET4434973320.109.210.53192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:17.613152027 CET49733443192.168.2.420.109.210.53
                                                                                                                                                                              Oct 30, 2024 17:52:18.502186060 CET49733443192.168.2.420.109.210.53
                                                                                                                                                                              Oct 30, 2024 17:52:18.502229929 CET4434973320.109.210.53192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:19.207045078 CET49738443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:19.207086086 CET44349738149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:19.207160950 CET49738443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:19.222794056 CET49738443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:19.222809076 CET44349738149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:20.084881067 CET44349738149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:20.084974051 CET49738443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:20.089771032 CET49738443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:20.089777946 CET44349738149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:20.090193987 CET44349738149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:20.143760920 CET49738443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:20.187330961 CET44349738149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:20.392024994 CET44349738149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:20.394489050 CET49738443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:20.394510031 CET44349738149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:20.451272011 CET4972380192.168.2.4199.232.214.172
                                                                                                                                                                              Oct 30, 2024 17:52:20.457350016 CET8049723199.232.214.172192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:20.457588911 CET4972380192.168.2.4199.232.214.172
                                                                                                                                                                              Oct 30, 2024 17:52:20.647391081 CET44349738149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:20.647607088 CET44349738149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:20.649900913 CET49738443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:20.658473015 CET49738443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:23.699903011 CET49740443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:23.699960947 CET44349740149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:23.700181961 CET49740443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:23.705986023 CET49740443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:23.705997944 CET44349740149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:23.839406013 CET49741443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:23.839452028 CET44349741149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:23.839529991 CET49741443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:23.845015049 CET49741443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:23.845029116 CET44349741149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:24.560127020 CET44349740149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:24.560239077 CET49740443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:24.564301014 CET49740443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:24.564310074 CET44349740149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:24.564542055 CET44349740149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:24.614605904 CET49740443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:24.660196066 CET49740443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:24.703341961 CET44349740149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:24.855834007 CET44349741149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:24.855921984 CET49741443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:24.857372046 CET49741443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:24.857383966 CET44349741149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:24.857724905 CET44349741149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:24.942785978 CET49741443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:24.976316929 CET49741443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:25.006244898 CET49740443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:25.006283998 CET44349740149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:25.023338079 CET44349741149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:25.097949982 CET44349740149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:25.145898104 CET49740443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:25.323784113 CET44349741149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:25.324233055 CET49741443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:25.324254990 CET44349741149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:25.346237898 CET44349740149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:25.346306086 CET44349740149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:25.346509933 CET49740443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:25.349703074 CET49740443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:26.018053055 CET44349741149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:26.018151999 CET44349741149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:26.018232107 CET49741443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:26.021469116 CET49741443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:26.369338036 CET49742443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:26.369399071 CET44349742149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:26.370054960 CET49742443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:26.370354891 CET49742443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:26.370362997 CET44349742149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:27.225411892 CET44349742149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:27.238295078 CET49742443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:27.238323927 CET44349742149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:27.486186028 CET44349742149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:27.486406088 CET49742443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:27.486418962 CET44349742149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:27.545520067 CET49743443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:27.545572042 CET44349743149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:27.545670986 CET49743443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:27.550404072 CET49743443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:27.550429106 CET44349743149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:27.992158890 CET44349742149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:27.992254972 CET44349742149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:27.992301941 CET49742443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:27.992669106 CET49742443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:28.393526077 CET44349743149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:28.393840075 CET49743443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:28.395349979 CET49743443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:28.395359039 CET44349743149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:28.395690918 CET44349743149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:28.502696991 CET49743443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:28.547348976 CET44349743149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:28.742043018 CET44349743149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:28.742463112 CET49743443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:28.742480993 CET44349743149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:29.209814072 CET44349743149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:29.209897995 CET44349743149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:29.210033894 CET49743443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:29.210997105 CET49743443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:34.730495930 CET49747443192.168.2.42.19.244.127
                                                                                                                                                                              Oct 30, 2024 17:52:34.730557919 CET443497472.19.244.127192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:34.730623007 CET49747443192.168.2.42.19.244.127
                                                                                                                                                                              Oct 30, 2024 17:52:34.731859922 CET49747443192.168.2.42.19.244.127
                                                                                                                                                                              Oct 30, 2024 17:52:34.731883049 CET443497472.19.244.127192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:35.601241112 CET443497472.19.244.127192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:35.601332903 CET49747443192.168.2.42.19.244.127
                                                                                                                                                                              Oct 30, 2024 17:52:35.618212938 CET49747443192.168.2.42.19.244.127
                                                                                                                                                                              Oct 30, 2024 17:52:35.618252993 CET443497472.19.244.127192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:35.618597984 CET443497472.19.244.127192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:35.690438986 CET49747443192.168.2.42.19.244.127
                                                                                                                                                                              Oct 30, 2024 17:52:35.735335112 CET443497472.19.244.127192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:35.945467949 CET443497472.19.244.127192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:35.945554972 CET443497472.19.244.127192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:35.945672989 CET49747443192.168.2.42.19.244.127
                                                                                                                                                                              Oct 30, 2024 17:52:36.010267973 CET49747443192.168.2.42.19.244.127
                                                                                                                                                                              Oct 30, 2024 17:52:36.010308027 CET443497472.19.244.127192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:36.137048006 CET49748443192.168.2.42.19.244.127
                                                                                                                                                                              Oct 30, 2024 17:52:36.137104034 CET443497482.19.244.127192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:36.137289047 CET49748443192.168.2.42.19.244.127
                                                                                                                                                                              Oct 30, 2024 17:52:36.137603045 CET49748443192.168.2.42.19.244.127
                                                                                                                                                                              Oct 30, 2024 17:52:36.137618065 CET443497482.19.244.127192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:36.392616034 CET49750443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:36.392720938 CET4434975050.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:36.392805099 CET49750443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:36.393162966 CET49750443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:36.393193007 CET4434975050.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:36.428801060 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:36.428864002 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:36.429241896 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:36.433479071 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:36.433543921 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:36.988631964 CET443497482.19.244.127192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:36.988708973 CET49748443192.168.2.42.19.244.127
                                                                                                                                                                              Oct 30, 2024 17:52:37.003992081 CET49748443192.168.2.42.19.244.127
                                                                                                                                                                              Oct 30, 2024 17:52:37.004040956 CET443497482.19.244.127192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:37.004276991 CET443497482.19.244.127192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:37.006093979 CET49748443192.168.2.42.19.244.127
                                                                                                                                                                              Oct 30, 2024 17:52:37.051354885 CET443497482.19.244.127192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:37.071717024 CET4434975050.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:37.072287083 CET49750443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:37.072312117 CET4434975050.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:37.073312998 CET4434975050.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:37.073380947 CET49750443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:37.076180935 CET49750443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:37.076293945 CET4434975050.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:37.077022076 CET49750443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:37.077044010 CET4434975050.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:37.112903118 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:37.113209009 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:37.113241911 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:37.114427090 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:37.114509106 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:37.115715981 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:37.115782976 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:37.225027084 CET49750443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:37.240247965 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:37.240267038 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:37.257327080 CET443497482.19.244.127192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:37.257410049 CET443497482.19.244.127192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:37.258131981 CET49748443192.168.2.42.19.244.127
                                                                                                                                                                              Oct 30, 2024 17:52:37.258503914 CET49748443192.168.2.42.19.244.127
                                                                                                                                                                              Oct 30, 2024 17:52:37.258526087 CET443497482.19.244.127192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:37.258538008 CET49748443192.168.2.42.19.244.127
                                                                                                                                                                              Oct 30, 2024 17:52:37.258543015 CET443497482.19.244.127192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:37.418809891 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:37.656683922 CET4434975050.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:37.656711102 CET4434975050.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:37.656718969 CET4434975050.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:37.656739950 CET4434975050.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:37.656764030 CET49750443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:37.656788111 CET4434975050.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:37.656802893 CET49750443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:37.724392891 CET49750443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:37.773889065 CET4434975050.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:37.773907900 CET4434975050.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:37.773931026 CET4434975050.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:37.773950100 CET49750443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:37.773978949 CET49750443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:37.773988008 CET4434975050.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:37.774827003 CET4434975050.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:37.774835110 CET4434975050.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:37.774854898 CET4434975050.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:37.774872065 CET49750443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:37.774877071 CET4434975050.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:37.774902105 CET49750443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:37.776061058 CET4434975050.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:37.776071072 CET4434975050.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:37.776096106 CET4434975050.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:37.776102066 CET49750443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:37.776106119 CET4434975050.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:37.776130915 CET49750443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:37.777615070 CET4434975050.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:37.777621984 CET4434975050.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:37.777909994 CET49750443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:37.777915001 CET4434975050.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:37.891969919 CET4434975050.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:37.892009020 CET4434975050.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:37.892083883 CET49750443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:37.892100096 CET4434975050.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:37.892848969 CET4434975050.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:37.892858028 CET4434975050.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:37.892884970 CET4434975050.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:37.892904043 CET49750443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:37.892910004 CET4434975050.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:37.892936945 CET49750443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:37.893662930 CET4434975050.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:37.893671036 CET4434975050.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:37.893696070 CET4434975050.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:37.893728971 CET49750443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:37.893735886 CET4434975050.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:37.893758059 CET49750443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:38.115329981 CET4434975050.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:38.115461111 CET49750443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:38.249470949 CET49754443192.168.2.4142.250.186.164
                                                                                                                                                                              Oct 30, 2024 17:52:38.249514103 CET44349754142.250.186.164192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:38.250330925 CET49754443192.168.2.4142.250.186.164
                                                                                                                                                                              Oct 30, 2024 17:52:38.250580072 CET49754443192.168.2.4142.250.186.164
                                                                                                                                                                              Oct 30, 2024 17:52:38.250590086 CET44349754142.250.186.164192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:38.318094969 CET4434975050.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:38.318183899 CET4434975050.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:38.318254948 CET49750443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:38.670665026 CET49750443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:38.670697927 CET4434975050.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:38.681068897 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:38.681456089 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:38.681494951 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:38.681551933 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:38.682029009 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:38.682075024 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:38.682132006 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:38.682312012 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:38.682339907 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:38.682385921 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:38.682539940 CET49758443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:38.682548046 CET4434975850.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:38.682838917 CET49758443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:38.683594942 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:38.683607101 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:38.683653116 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:38.684932947 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:38.684957027 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:38.685163021 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:38.685177088 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:38.685297012 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:38.685314894 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:38.685457945 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:38.685471058 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:38.685587883 CET49758443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:38.685595989 CET4434975850.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:38.693423033 CET49761443192.168.2.4151.101.194.137
                                                                                                                                                                              Oct 30, 2024 17:52:38.693449020 CET44349761151.101.194.137192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:38.693576097 CET49761443192.168.2.4151.101.194.137
                                                                                                                                                                              Oct 30, 2024 17:52:38.693823099 CET49761443192.168.2.4151.101.194.137
                                                                                                                                                                              Oct 30, 2024 17:52:38.693844080 CET44349761151.101.194.137192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:38.727338076 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:38.846756935 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:38.846792936 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:38.846802950 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:38.846843004 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:38.846847057 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:38.846864939 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:38.846883059 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:38.931258917 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:38.965768099 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:38.965787888 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:38.965830088 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:38.965862036 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:38.965903044 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:38.966515064 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:38.966530085 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:38.966581106 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:38.966590881 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:38.966636896 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:38.967561960 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:38.967573881 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:38.967592001 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:38.967617035 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:38.967645884 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:38.969027996 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:38.969044924 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:38.969078064 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:38.969083071 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:38.969129086 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.087503910 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.087522030 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.087585926 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.087605000 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.087615967 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.087646961 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.087654114 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.087658882 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.087681055 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.087687016 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.087692022 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.087692976 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.087718010 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.087718964 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.087747097 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.087753057 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.087779045 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.087805033 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.087810040 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.087867022 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.106798887 CET44349754142.250.186.164192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.107063055 CET49754443192.168.2.4142.250.186.164
                                                                                                                                                                              Oct 30, 2024 17:52:39.107090950 CET44349754142.250.186.164192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.108136892 CET44349754142.250.186.164192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.108207941 CET49754443192.168.2.4142.250.186.164
                                                                                                                                                                              Oct 30, 2024 17:52:39.119376898 CET49754443192.168.2.4142.250.186.164
                                                                                                                                                                              Oct 30, 2024 17:52:39.119503021 CET44349754142.250.186.164192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.204885006 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.204998016 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.205331087 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.205388069 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.206393957 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.206458092 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.206469059 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.218019009 CET49754443192.168.2.4142.250.186.164
                                                                                                                                                                              Oct 30, 2024 17:52:39.218044043 CET44349754142.250.186.164192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.226213932 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.226234913 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.316088915 CET44349761151.101.194.137192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.318794012 CET49754443192.168.2.4142.250.186.164
                                                                                                                                                                              Oct 30, 2024 17:52:39.319670916 CET49761443192.168.2.4151.101.194.137
                                                                                                                                                                              Oct 30, 2024 17:52:39.319690943 CET44349761151.101.194.137192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.320782900 CET44349761151.101.194.137192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.320868015 CET49761443192.168.2.4151.101.194.137
                                                                                                                                                                              Oct 30, 2024 17:52:39.322043896 CET49761443192.168.2.4151.101.194.137
                                                                                                                                                                              Oct 30, 2024 17:52:39.322115898 CET44349761151.101.194.137192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.322289944 CET49761443192.168.2.4151.101.194.137
                                                                                                                                                                              Oct 30, 2024 17:52:39.322299004 CET44349761151.101.194.137192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.352133036 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.360799074 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.361236095 CET4434975850.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.364948034 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.364973068 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.365041018 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.365072966 CET49758443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.365102053 CET4434975850.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.365175962 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.365194082 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.365324974 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.365333080 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.365643978 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.365673065 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.366399050 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.366476059 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.367718935 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.367845058 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.368010044 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.368036985 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.368230104 CET4434975850.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.368263960 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.368298054 CET49758443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.368345976 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.368393898 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.368452072 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.368527889 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.368845940 CET49758443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.368921041 CET4434975850.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.369265079 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.369451046 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.369627953 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.369703054 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.369831085 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.369998932 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.370011091 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.370066881 CET49758443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.370095968 CET4434975850.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.370102882 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.370109081 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.370419025 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.396075964 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.396192074 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.396215916 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.411370993 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.415333033 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.427527905 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.427797079 CET49758443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.442792892 CET49761443192.168.2.4151.101.194.137
                                                                                                                                                                              Oct 30, 2024 17:52:39.442799091 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.442802906 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.445193052 CET44349761151.101.194.137192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.533909082 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.533945084 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.534004927 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.534023046 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.534068108 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.534089088 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.534138918 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.534167051 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.535558939 CET4434975850.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.535682917 CET4434975850.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.535705090 CET4434975850.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.535727024 CET4434975850.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.535744905 CET49758443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.535765886 CET4434975850.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.535794020 CET49758443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.536962986 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.536997080 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.537005901 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.537044048 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.537051916 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.537065983 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.537103891 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.543384075 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.543477058 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.543541908 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.543572903 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.554934025 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.554946899 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.555222034 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.560734987 CET44349761151.101.194.137192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.560743093 CET44349761151.101.194.137192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.560782909 CET44349761151.101.194.137192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.560798883 CET44349761151.101.194.137192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.560810089 CET44349761151.101.194.137192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.560826063 CET49761443192.168.2.4151.101.194.137
                                                                                                                                                                              Oct 30, 2024 17:52:39.560826063 CET49761443192.168.2.4151.101.194.137
                                                                                                                                                                              Oct 30, 2024 17:52:39.560842991 CET44349761151.101.194.137192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.560863972 CET49761443192.168.2.4151.101.194.137
                                                                                                                                                                              Oct 30, 2024 17:52:39.560868025 CET44349761151.101.194.137192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.560909033 CET49761443192.168.2.4151.101.194.137
                                                                                                                                                                              Oct 30, 2024 17:52:39.562845945 CET44349761151.101.194.137192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.562854052 CET44349761151.101.194.137192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.562886000 CET44349761151.101.194.137192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.562894106 CET44349761151.101.194.137192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.562902927 CET44349761151.101.194.137192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.562916040 CET44349761151.101.194.137192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.562944889 CET49761443192.168.2.4151.101.194.137
                                                                                                                                                                              Oct 30, 2024 17:52:39.562954903 CET44349761151.101.194.137192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.562993050 CET49761443192.168.2.4151.101.194.137
                                                                                                                                                                              Oct 30, 2024 17:52:39.599330902 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.606363058 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.606513023 CET49761443192.168.2.4151.101.194.137
                                                                                                                                                                              Oct 30, 2024 17:52:39.618685961 CET49758443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.618720055 CET4434975850.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.618762016 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.637465954 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.637482882 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.637530088 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.637535095 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.637577057 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.652487040 CET4434975850.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.652504921 CET4434975850.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.652540922 CET4434975850.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.652556896 CET4434975850.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.652561903 CET49758443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.652591944 CET4434975850.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.652609110 CET49758443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.652631044 CET49758443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.654342890 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.654351950 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.654412031 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.654412985 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.654463053 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.655735016 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.655742884 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.655791044 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.658433914 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.658449888 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.658484936 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.658525944 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.658552885 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.659424067 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.659435034 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.659492016 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.660377026 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.660387993 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.660439014 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.661484003 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.661494017 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.661544085 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.676316023 CET44349761151.101.194.137192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.676331043 CET44349761151.101.194.137192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.676362038 CET44349761151.101.194.137192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.676373959 CET44349761151.101.194.137192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.676402092 CET44349761151.101.194.137192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.676409006 CET44349761151.101.194.137192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.676419020 CET49761443192.168.2.4151.101.194.137
                                                                                                                                                                              Oct 30, 2024 17:52:39.676635027 CET49761443192.168.2.4151.101.194.137
                                                                                                                                                                              Oct 30, 2024 17:52:39.676635027 CET49761443192.168.2.4151.101.194.137
                                                                                                                                                                              Oct 30, 2024 17:52:39.677807093 CET44349761151.101.194.137192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.677820921 CET44349761151.101.194.137192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.677845955 CET44349761151.101.194.137192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.677874088 CET44349761151.101.194.137192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.677957058 CET49761443192.168.2.4151.101.194.137
                                                                                                                                                                              Oct 30, 2024 17:52:39.677957058 CET49761443192.168.2.4151.101.194.137
                                                                                                                                                                              Oct 30, 2024 17:52:39.677972078 CET44349761151.101.194.137192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.679660082 CET44349761151.101.194.137192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.679687023 CET44349761151.101.194.137192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.679718018 CET49761443192.168.2.4151.101.194.137
                                                                                                                                                                              Oct 30, 2024 17:52:39.679727077 CET44349761151.101.194.137192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.679734945 CET44349761151.101.194.137192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.679765940 CET49761443192.168.2.4151.101.194.137
                                                                                                                                                                              Oct 30, 2024 17:52:39.679812908 CET49761443192.168.2.4151.101.194.137
                                                                                                                                                                              Oct 30, 2024 17:52:39.679872036 CET44349761151.101.194.137192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.679950953 CET49761443192.168.2.4151.101.194.137
                                                                                                                                                                              Oct 30, 2024 17:52:39.679955959 CET44349761151.101.194.137192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.680053949 CET49761443192.168.2.4151.101.194.137
                                                                                                                                                                              Oct 30, 2024 17:52:39.719316959 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.719548941 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.719568968 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.719641924 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.719707966 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.720119953 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.720195055 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.720212936 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.734110117 CET49761443192.168.2.4151.101.194.137
                                                                                                                                                                              Oct 30, 2024 17:52:39.734129906 CET44349761151.101.194.137192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.745640993 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.745671988 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.750858068 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.750873089 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.754394054 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.754404068 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.754473925 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.755177021 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.755184889 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.755242109 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.772016048 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.772042036 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.772114038 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.773080111 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.773101091 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.773142099 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.773192883 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.774821043 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.774856091 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.774914026 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.775187016 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.775260925 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.775852919 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.775923014 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.776627064 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.776710033 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.777517080 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.777589083 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.777601004 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.777971029 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.778034925 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.778923035 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.778992891 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.872333050 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.872442007 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.889667988 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.889754057 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.890548944 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.890620947 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.891427994 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.891505957 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.891508102 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.891524076 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:39.891557932 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:39.929478884 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.036943913 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.170346975 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.170360088 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.170397997 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.170418024 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.170454025 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.171252012 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.171264887 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.171356916 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.171386957 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.172141075 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.172204018 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.172226906 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.173075914 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.173141003 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.173161030 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.175888062 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.175896883 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.175951958 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.176759005 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.176817894 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.176843882 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.177653074 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.177660942 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.177721977 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.179142952 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.179182053 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.179187059 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.179197073 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.179219961 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.179246902 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.179271936 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.179301977 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.179301977 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.180883884 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.180963993 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.181446075 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.181526899 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.182435989 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.182497025 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.183298111 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.183341026 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.183362007 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.183368921 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.183410883 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.183532953 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.184794903 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.184870005 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.184946060 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.185007095 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.186049938 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.186053991 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.186104059 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.186148882 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.186184883 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.187020063 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.187088966 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.187453985 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.187513113 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.187874079 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.187928915 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.188812017 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.188879967 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.189708948 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.189794064 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.190057993 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.190128088 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.190498114 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.190576077 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.191251993 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.191512108 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.192183971 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.192259073 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.231235981 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.231575966 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.231610060 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.231682062 CET49758443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.231751919 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.231772900 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.267421961 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.267510891 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.268074036 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.268132925 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.268452883 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.268507004 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.268870115 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.268929958 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.269462109 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.269524097 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.270087004 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.270145893 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.270700932 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.270764112 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.271004915 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.271065950 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.271760941 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.271822929 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.271822929 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.271835089 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.271877050 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.273468018 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.273559093 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.275331974 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.276457071 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.276545048 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.276921988 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.276972055 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.277473927 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.277529001 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.277862072 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.277909994 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.278343916 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.278381109 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.278400898 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.278415918 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.278426886 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.279323101 CET4434975850.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.386317015 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.386401892 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.398710012 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.398787975 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.399163008 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.399180889 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.399224043 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.399241924 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.399281979 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.399502039 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.399514914 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.399544001 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.399548054 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.399605036 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.400182962 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.400193930 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.400230885 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.400237083 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.400275946 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.400692940 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.400702953 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.400738955 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.400743961 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.400783062 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.401134014 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.401144028 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.401180029 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.401184082 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.401221037 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.401519060 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.401529074 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.401595116 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.402268887 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.402333975 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.408667088 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.408684969 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.408751965 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.408773899 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.410783052 CET4434975850.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.410844088 CET49758443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.437565088 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.481343985 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.481380939 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.516316891 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.516410112 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.516654968 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.516711950 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.517159939 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.517236948 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.517488003 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.517544985 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.518587112 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.518625021 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.518666983 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.518949986 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.519009113 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.519618034 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.519709110 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.519716978 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.519773960 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.520459890 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.520530939 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.522481918 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.522551060 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.522788048 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.522840977 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.523235083 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.523298025 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.523432970 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.523499012 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.527482986 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.527498007 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.527546883 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.527561903 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.527585983 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.527604103 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.527616024 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.527627945 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.527631998 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.527650118 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.531335115 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.531344891 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.531395912 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.531402111 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.531410933 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.531450987 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.573112965 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.573126078 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.573224068 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.573256016 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.605125904 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.605153084 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.605335951 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.605370045 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.636089087 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.636181116 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.636260986 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.636326075 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.636599064 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.636657953 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.637130976 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.637183905 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.637681961 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.637744904 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.645755053 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.645838976 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.645854950 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.651721001 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.651735067 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.651765108 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.651808023 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.651846886 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.651858091 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.652072906 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.652086973 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.652113914 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.652127028 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.652136087 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.741864920 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.741868973 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.771070004 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.771106005 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.771123886 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.771222115 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.771259069 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.771279097 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.801799059 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.801947117 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.843198061 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.844567060 CET49758443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.844613075 CET4434975850.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.853462934 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.853491068 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.858405113 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.858422041 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.863292933 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.863321066 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.877857924 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.877873898 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.885967970 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.886001110 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.886023045 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.886056900 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.886082888 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.886101961 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.886401892 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.886421919 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.886439085 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.886451006 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.886461973 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.886480093 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.887075901 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.887094021 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.887114048 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.887125015 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.887135029 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.887159109 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.887896061 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.887916088 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.887938023 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.887948990 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.887954950 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.887994051 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.929363012 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.929399967 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:40.935493946 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:40.935512066 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.016062975 CET4434975850.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.016139984 CET49758443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.022200108 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.023437977 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.023454905 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.023526907 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.023554087 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.023992062 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.024045944 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.024055004 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.024184942 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.024230003 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.024235010 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.024662971 CET49758443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.024689913 CET4434975850.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.024847984 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.024904013 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.024910927 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.024925947 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.024965048 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.025799990 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.025888920 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.026689053 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.026750088 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.027267933 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.027333975 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.027340889 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.027354956 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.027390003 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.028212070 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.028270960 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.028278112 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.028285980 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.028314114 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.028331995 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.029272079 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.029294968 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.029365063 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.029383898 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.029443026 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.029699087 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.029711008 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.029741049 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.029745102 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.029769897 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.029814005 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.030247927 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.030258894 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.030299902 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.030301094 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.030344963 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.031269073 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.031301975 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.031434059 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.051417112 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.051429033 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.051486969 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.051512003 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.051529884 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.051541090 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.051541090 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.051578045 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.051582098 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.051619053 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.051651001 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.051734924 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.051791906 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.052211046 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.052251101 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.052262068 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.052267075 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.052298069 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.052316904 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.053141117 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.053190947 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.053212881 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.053216934 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.053250074 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.053271055 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.053981066 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.054045916 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.054061890 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.054065943 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.054114103 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.101907015 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.101943970 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.101999998 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.102016926 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.102057934 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.102693081 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.102716923 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.102734089 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.102757931 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.102797031 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.102905035 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.102922916 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.102962971 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.102989912 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.103775024 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.103797913 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.103837967 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.103864908 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.104661942 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.104696989 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.104733944 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.104751110 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.105595112 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.105675936 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.142374992 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.142463923 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.142745018 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.142802954 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.143263102 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.143326998 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.143807888 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.143877029 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.144100904 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.144162893 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.144829988 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.144887924 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.144896984 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.144911051 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.144941092 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.144962072 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.145766973 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.145838976 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.145844936 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.145909071 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.146599054 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.146689892 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.147449970 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.147464991 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.147532940 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.148089886 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.148099899 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.148161888 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.148479939 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.148492098 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.148545027 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.148792028 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.148802996 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.148853064 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.149432898 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.149442911 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.149501085 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.149837971 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.149908066 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.150439978 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.150507927 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.151428938 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.151493073 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.167501926 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.167610884 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.169282913 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.169348955 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.169760942 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.169825077 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.170216084 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.170278072 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.170463085 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.170526028 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.171005011 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.171066046 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.171490908 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.171557903 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.172415018 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.172473907 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.172481060 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.172533035 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.173238039 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.173302889 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.191543102 CET4434975850.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.191557884 CET4434975850.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.191601038 CET4434975850.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.191607952 CET49758443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.191648960 CET49758443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.197721958 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.197741985 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.197774887 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.197804928 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.197844982 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.198175907 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.198185921 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.198209047 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.198225975 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.198249102 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.198487997 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.198498011 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.198522091 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.198540926 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.198576927 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.217323065 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.217413902 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.217513084 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.217572927 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.217979908 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.218049049 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.218563080 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.218625069 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.218907118 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.218974113 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.219460011 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.219547033 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.219944954 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.220016956 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.220040083 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.220093012 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.261226892 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.261317968 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.261449099 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.261511087 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.261782885 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.261853933 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.262490988 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.262551069 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.262561083 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.262614012 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.263457060 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.263515949 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.263535023 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.263544083 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.263586998 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.263586998 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.264472961 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.264549017 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.264554024 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.266469002 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.266549110 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.266772985 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.266839981 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.267421007 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.267488956 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.267618895 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.267673016 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.267950058 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.268019915 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.268403053 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.268455982 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.268768072 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.268822908 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.269232988 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.269319057 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.270241022 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.270257950 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.271495104 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.271562099 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.271727085 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.271792889 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.307368994 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.307446957 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.307672977 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.307734966 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.308046103 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.308079958 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.308099031 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.308109999 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.308140039 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.308159113 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.308525085 CET4434975850.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.308538914 CET4434975850.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.308588982 CET49758443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.308856010 CET4434975850.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.308864117 CET4434975850.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.308913946 CET49758443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.309940100 CET4434975850.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.309947968 CET4434975850.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.310023069 CET49758443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.311656952 CET4434975850.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.311661005 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.311666012 CET4434975850.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.311667919 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.311733007 CET49758443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.316416979 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.316423893 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.316473007 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.316725969 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.316745996 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.316792011 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.317025900 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.317033052 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.317082882 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.317496061 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.317506075 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.317559958 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.317765951 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.317774057 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.317821980 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.318334103 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.318341970 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.318392992 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.318661928 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.318731070 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.333086967 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.333170891 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.333318949 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.333406925 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.333789110 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.333848953 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.334038019 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.334105015 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.334702969 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.334767103 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.334907055 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.334976912 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.335777044 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.335859060 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.336219072 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.336296082 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.336313963 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.336368084 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.338594913 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.338676929 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.386209011 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.386290073 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.386487007 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.386534929 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.386552095 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.386564016 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.386642933 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.422053099 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.422077894 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.425290108 CET4434975850.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.425302982 CET4434975850.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.425374985 CET49758443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.425905943 CET4434975850.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.425976038 CET49758443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.426635027 CET4434975850.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.426716089 CET49758443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.427647114 CET4434975850.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.427723885 CET49758443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.428580046 CET4434975850.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.428651094 CET49758443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.429486036 CET4434975850.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.429558039 CET49758443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.430474997 CET4434975850.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.430542946 CET49758443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.435256004 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.435329914 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.435811996 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.435823917 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.435863972 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.435910940 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.436471939 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.436531067 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.436640024 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.436691046 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.437201977 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.437242031 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.437266111 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.437280893 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.437295914 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.437316895 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.437936068 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.437985897 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.438236952 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.438293934 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.438492060 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.438543081 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.438935995 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.438988924 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.439387083 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.439448118 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.439557076 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.439615965 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.449441910 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.449511051 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.449529886 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.449561119 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.449574947 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.449603081 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.479873896 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.479944944 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.479960918 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.480381966 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.480434895 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.480442047 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.480741024 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.480798960 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.480803013 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.480885983 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.480926991 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.480932951 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.542428970 CET4434975850.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.542514086 CET49758443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.542730093 CET4434975850.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.542807102 CET49758443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.543272972 CET4434975850.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.543344021 CET49758443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.543844938 CET4434975850.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.543909073 CET49758443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.544305086 CET4434975850.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.544367075 CET49758443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.544730902 CET4434975850.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.544775009 CET49758443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.545253992 CET4434975850.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.545314074 CET49758443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.545521975 CET4434975850.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.545579910 CET49758443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.547930956 CET4434975850.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.548002005 CET49758443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.548276901 CET4434975850.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.548383951 CET49758443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.549020052 CET4434975850.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.549098969 CET49758443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.549649000 CET4434975850.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.549706936 CET49758443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.549942970 CET4434975850.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.550012112 CET49758443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.555958033 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.556006908 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.556040049 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.556066990 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.556082010 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.556102991 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.601989985 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.602010965 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.602068901 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.602092028 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.602291107 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.602354050 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.602361917 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.602435112 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.611659050 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.611670017 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.612234116 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.612262011 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.630156040 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.662173986 CET4434975850.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.662245035 CET49758443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.782675982 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.782771111 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.958062887 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.983845949 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:41.983874083 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:42.152966022 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:42.153060913 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:42.318275928 CET4973180192.168.2.4172.64.149.23
                                                                                                                                                                              Oct 30, 2024 17:52:42.318382978 CET4973080192.168.2.4104.18.38.233
                                                                                                                                                                              Oct 30, 2024 17:52:42.325103998 CET8049731172.64.149.23192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:42.325158119 CET4973180192.168.2.4172.64.149.23
                                                                                                                                                                              Oct 30, 2024 17:52:42.325186968 CET8049730104.18.38.233192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:42.325237989 CET4973080192.168.2.4104.18.38.233
                                                                                                                                                                              Oct 30, 2024 17:52:42.374775887 CET49771443192.168.2.4142.250.185.100
                                                                                                                                                                              Oct 30, 2024 17:52:42.374800920 CET44349771142.250.185.100192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:42.374946117 CET49771443192.168.2.4142.250.185.100
                                                                                                                                                                              Oct 30, 2024 17:52:42.375564098 CET49771443192.168.2.4142.250.185.100
                                                                                                                                                                              Oct 30, 2024 17:52:42.375576973 CET44349771142.250.185.100192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:42.615281105 CET49774443192.168.2.474.125.133.154
                                                                                                                                                                              Oct 30, 2024 17:52:42.615338087 CET4434977474.125.133.154192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:42.615516901 CET49774443192.168.2.474.125.133.154
                                                                                                                                                                              Oct 30, 2024 17:52:42.615864992 CET49775443192.168.2.4142.250.186.110
                                                                                                                                                                              Oct 30, 2024 17:52:42.615895033 CET44349775142.250.186.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:42.616095066 CET49774443192.168.2.474.125.133.154
                                                                                                                                                                              Oct 30, 2024 17:52:42.616108894 CET4434977474.125.133.154192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:42.616131067 CET49775443192.168.2.4142.250.186.110
                                                                                                                                                                              Oct 30, 2024 17:52:42.616295099 CET49775443192.168.2.4142.250.186.110
                                                                                                                                                                              Oct 30, 2024 17:52:42.616312027 CET44349775142.250.186.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:42.618947029 CET49776443192.168.2.4142.250.186.162
                                                                                                                                                                              Oct 30, 2024 17:52:42.618984938 CET44349776142.250.186.162192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:42.619143009 CET49776443192.168.2.4142.250.186.162
                                                                                                                                                                              Oct 30, 2024 17:52:42.619415045 CET49776443192.168.2.4142.250.186.162
                                                                                                                                                                              Oct 30, 2024 17:52:42.619431973 CET44349776142.250.186.162192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:43.248204947 CET44349771142.250.185.100192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:43.318648100 CET49771443192.168.2.4142.250.185.100
                                                                                                                                                                              Oct 30, 2024 17:52:43.454210997 CET4434977474.125.133.154192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:43.472464085 CET44349776142.250.186.162192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:43.489365101 CET44349775142.250.186.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:43.541022062 CET49774443192.168.2.474.125.133.154
                                                                                                                                                                              Oct 30, 2024 17:52:43.543534994 CET49775443192.168.2.4142.250.186.110
                                                                                                                                                                              Oct 30, 2024 17:52:43.543539047 CET49776443192.168.2.4142.250.186.162
                                                                                                                                                                              Oct 30, 2024 17:52:43.558202982 CET49771443192.168.2.4142.250.185.100
                                                                                                                                                                              Oct 30, 2024 17:52:43.558223009 CET44349771142.250.185.100192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:43.558567047 CET49774443192.168.2.474.125.133.154
                                                                                                                                                                              Oct 30, 2024 17:52:43.558583975 CET4434977474.125.133.154192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:43.558715105 CET49775443192.168.2.4142.250.186.110
                                                                                                                                                                              Oct 30, 2024 17:52:43.558722973 CET44349775142.250.186.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:43.558859110 CET49776443192.168.2.4142.250.186.162
                                                                                                                                                                              Oct 30, 2024 17:52:43.558864117 CET44349776142.250.186.162192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:43.559228897 CET44349775142.250.186.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:43.559242010 CET44349775142.250.186.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:43.559289932 CET49775443192.168.2.4142.250.186.110
                                                                                                                                                                              Oct 30, 2024 17:52:43.560008049 CET44349775142.250.186.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:43.560039043 CET44349776142.250.186.162192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:43.560053110 CET44349776142.250.186.162192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:43.560065031 CET49775443192.168.2.4142.250.186.110
                                                                                                                                                                              Oct 30, 2024 17:52:43.560098886 CET49776443192.168.2.4142.250.186.162
                                                                                                                                                                              Oct 30, 2024 17:52:43.562028885 CET44349771142.250.185.100192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:43.562067032 CET44349771142.250.185.100192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:43.562093973 CET49771443192.168.2.4142.250.185.100
                                                                                                                                                                              Oct 30, 2024 17:52:43.562411070 CET4434977474.125.133.154192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:43.562448978 CET4434977474.125.133.154192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:43.562474966 CET49774443192.168.2.474.125.133.154
                                                                                                                                                                              Oct 30, 2024 17:52:43.590468884 CET49775443192.168.2.4142.250.186.110
                                                                                                                                                                              Oct 30, 2024 17:52:43.590601921 CET44349775142.250.186.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:43.593367100 CET49771443192.168.2.4142.250.185.100
                                                                                                                                                                              Oct 30, 2024 17:52:43.593499899 CET44349771142.250.185.100192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:43.594338894 CET49776443192.168.2.4142.250.186.162
                                                                                                                                                                              Oct 30, 2024 17:52:43.594446898 CET44349776142.250.186.162192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:43.594679117 CET49774443192.168.2.474.125.133.154
                                                                                                                                                                              Oct 30, 2024 17:52:43.595056057 CET4434977474.125.133.154192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:43.595985889 CET49775443192.168.2.4142.250.186.110
                                                                                                                                                                              Oct 30, 2024 17:52:43.595999002 CET44349775142.250.186.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:43.596550941 CET49771443192.168.2.4142.250.185.100
                                                                                                                                                                              Oct 30, 2024 17:52:43.596561909 CET44349771142.250.185.100192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:43.596642017 CET49776443192.168.2.4142.250.186.162
                                                                                                                                                                              Oct 30, 2024 17:52:43.596652985 CET44349776142.250.186.162192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:43.597121000 CET49774443192.168.2.474.125.133.154
                                                                                                                                                                              Oct 30, 2024 17:52:43.597136021 CET4434977474.125.133.154192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:43.722943068 CET49771443192.168.2.4142.250.185.100
                                                                                                                                                                              Oct 30, 2024 17:52:43.738373995 CET49775443192.168.2.4142.250.186.110
                                                                                                                                                                              Oct 30, 2024 17:52:43.738377094 CET49776443192.168.2.4142.250.186.162
                                                                                                                                                                              Oct 30, 2024 17:52:43.738378048 CET49774443192.168.2.474.125.133.154
                                                                                                                                                                              Oct 30, 2024 17:52:43.782255888 CET49777443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:43.782294989 CET44349777149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:43.782486916 CET49777443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:43.782864094 CET49777443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:43.782875061 CET44349777149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:43.836143017 CET4434977474.125.133.154192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:43.862278938 CET44349776142.250.186.162192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:43.864300013 CET44349771142.250.185.100192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:43.866081953 CET44349775142.250.186.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:43.882325888 CET49774443192.168.2.474.125.133.154
                                                                                                                                                                              Oct 30, 2024 17:52:43.882419109 CET4434977474.125.133.154192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:43.882623911 CET4434977474.125.133.154192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:43.882841110 CET49774443192.168.2.474.125.133.154
                                                                                                                                                                              Oct 30, 2024 17:52:43.885607958 CET49775443192.168.2.4142.250.186.110
                                                                                                                                                                              Oct 30, 2024 17:52:43.885678053 CET44349775142.250.186.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:43.885735035 CET49775443192.168.2.4142.250.186.110
                                                                                                                                                                              Oct 30, 2024 17:52:43.886604071 CET49771443192.168.2.4142.250.185.100
                                                                                                                                                                              Oct 30, 2024 17:52:43.886666059 CET44349771142.250.185.100192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:43.886718035 CET49771443192.168.2.4142.250.185.100
                                                                                                                                                                              Oct 30, 2024 17:52:43.930860996 CET49776443192.168.2.4142.250.186.162
                                                                                                                                                                              Oct 30, 2024 17:52:43.930887938 CET44349776142.250.186.162192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:43.981302023 CET44349776142.250.186.162192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:43.981357098 CET49776443192.168.2.4142.250.186.162
                                                                                                                                                                              Oct 30, 2024 17:52:43.983302116 CET49776443192.168.2.4142.250.186.162
                                                                                                                                                                              Oct 30, 2024 17:52:43.983325958 CET44349776142.250.186.162192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:43.983338118 CET49776443192.168.2.4142.250.186.162
                                                                                                                                                                              Oct 30, 2024 17:52:43.983511925 CET49776443192.168.2.4142.250.186.162
                                                                                                                                                                              Oct 30, 2024 17:52:44.612966061 CET44349777149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:44.614799976 CET49777443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:44.614830017 CET44349777149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:44.857563972 CET44349777149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:44.859077930 CET49777443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:44.859100103 CET44349777149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:44.956857920 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:44.956888914 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:45.131329060 CET49672443192.168.2.4173.222.162.32
                                                                                                                                                                              Oct 30, 2024 17:52:45.133002043 CET49779443192.168.2.4173.222.162.32
                                                                                                                                                                              Oct 30, 2024 17:52:45.133049011 CET44349779173.222.162.32192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:45.133126020 CET49779443192.168.2.4173.222.162.32
                                                                                                                                                                              Oct 30, 2024 17:52:45.135482073 CET49779443192.168.2.4173.222.162.32
                                                                                                                                                                              Oct 30, 2024 17:52:45.135499001 CET44349779173.222.162.32192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:45.299832106 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:45.299909115 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:45.322500944 CET44349777149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:45.322582006 CET44349777149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:45.322649956 CET49777443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:45.323029995 CET49777443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:45.622612000 CET49672443192.168.2.4173.222.162.32
                                                                                                                                                                              Oct 30, 2024 17:52:45.982223988 CET44349779173.222.162.32192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:45.982345104 CET49779443192.168.2.4173.222.162.32
                                                                                                                                                                              Oct 30, 2024 17:52:46.145015001 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:46.145241976 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:46.145294905 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:46.224402905 CET4434975850.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:46.224494934 CET4434975850.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:46.224555016 CET49758443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:46.428627968 CET49672443192.168.2.4173.222.162.32
                                                                                                                                                                              Oct 30, 2024 17:52:46.436918020 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:46.437001944 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:46.437181950 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:46.483660936 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:46.483753920 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:46.483800888 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:46.779778957 CET49779443192.168.2.4173.222.162.32
                                                                                                                                                                              Oct 30, 2024 17:52:46.779803991 CET44349779173.222.162.32192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:46.780134916 CET44349779173.222.162.32192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:46.780179977 CET49779443192.168.2.4173.222.162.32
                                                                                                                                                                              Oct 30, 2024 17:52:46.781613111 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:46.781697035 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:46.781740904 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:46.783016920 CET49779443192.168.2.4173.222.162.32
                                                                                                                                                                              Oct 30, 2024 17:52:46.783046961 CET44349779173.222.162.32192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:46.783166885 CET49779443192.168.2.4173.222.162.32
                                                                                                                                                                              Oct 30, 2024 17:52:46.783174038 CET44349779173.222.162.32192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:47.009154081 CET44349779173.222.162.32192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:47.009243011 CET49779443192.168.2.4173.222.162.32
                                                                                                                                                                              Oct 30, 2024 17:52:47.009919882 CET44349779173.222.162.32192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:47.009977102 CET44349779173.222.162.32192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:47.010026932 CET49779443192.168.2.4173.222.162.32
                                                                                                                                                                              Oct 30, 2024 17:52:47.315815926 CET49780443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:47.315855980 CET44349780149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:47.315927982 CET49780443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:47.316183090 CET49780443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:47.316196918 CET44349780149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:47.629333019 CET49672443192.168.2.4173.222.162.32
                                                                                                                                                                              Oct 30, 2024 17:52:48.156167030 CET44349780149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:48.157831907 CET49780443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:48.157862902 CET44349780149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:48.395766020 CET44349780149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:48.395952940 CET44349780149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:48.396020889 CET49780443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:48.397766113 CET49780443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:49.568031073 CET44349754142.250.186.164192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:49.568109035 CET44349754142.250.186.164192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:49.568172932 CET49754443192.168.2.4142.250.186.164
                                                                                                                                                                              Oct 30, 2024 17:52:50.129861116 CET49672443192.168.2.4173.222.162.32
                                                                                                                                                                              Oct 30, 2024 17:52:50.247236967 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:50.247330904 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:50.247409105 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:52.719418049 CET49781443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:52.719470024 CET44349781149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:52.719579935 CET49781443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:52.719877005 CET49781443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:52.719888926 CET44349781149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:53.555445910 CET44349781149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:53.557260990 CET49781443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:53.557303905 CET44349781149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:53.796989918 CET44349781149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:53.797296047 CET49781443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:53.797322989 CET44349781149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:54.116620064 CET44349781149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:54.116710901 CET44349781149.210.194.253192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:54.116825104 CET49781443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:54.196775913 CET49781443192.168.2.4149.210.194.253
                                                                                                                                                                              Oct 30, 2024 17:52:55.129745960 CET49672443192.168.2.4173.222.162.32
                                                                                                                                                                              Oct 30, 2024 17:52:55.130935907 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:55.130968094 CET4434975950.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:55.130978107 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:55.131009102 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:55.131022930 CET49759443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:55.131040096 CET4434975550.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:55.131053925 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:55.131084919 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:55.131089926 CET49755443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:55.131093979 CET4434975750.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:55.131103039 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:55.131134987 CET49757443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:55.131198883 CET49758443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:55.131198883 CET49758443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:55.131234884 CET4434975850.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:55.131267071 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:55.131267071 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:55.131274939 CET4434975650.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:55.131285906 CET49758443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:55.131306887 CET49756443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:55.131321907 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:55.131349087 CET4434975150.87.253.110192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:55.131369114 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:55.131390095 CET49751443192.168.2.450.87.253.110
                                                                                                                                                                              Oct 30, 2024 17:52:55.131431103 CET49754443192.168.2.4142.250.186.164
                                                                                                                                                                              Oct 30, 2024 17:52:55.131457090 CET44349754142.250.186.164192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:56.045118093 CET49783443192.168.2.420.109.210.53
                                                                                                                                                                              Oct 30, 2024 17:52:56.045161009 CET4434978320.109.210.53192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:56.045233965 CET49783443192.168.2.420.109.210.53
                                                                                                                                                                              Oct 30, 2024 17:52:56.046231031 CET49783443192.168.2.420.109.210.53
                                                                                                                                                                              Oct 30, 2024 17:52:56.046247005 CET4434978320.109.210.53192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:56.867388010 CET4434978320.109.210.53192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:56.867508888 CET49783443192.168.2.420.109.210.53
                                                                                                                                                                              Oct 30, 2024 17:52:57.090048075 CET49783443192.168.2.420.109.210.53
                                                                                                                                                                              Oct 30, 2024 17:52:57.090087891 CET4434978320.109.210.53192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:57.091106892 CET4434978320.109.210.53192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:57.100400925 CET49783443192.168.2.420.109.210.53
                                                                                                                                                                              Oct 30, 2024 17:52:57.147327900 CET4434978320.109.210.53192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:57.178261995 CET49786443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:57.178308964 CET4434978613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:57.178360939 CET49786443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:57.178752899 CET49786443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:57.178769112 CET4434978613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:57.363305092 CET4434978320.109.210.53192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:57.363346100 CET4434978320.109.210.53192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:57.363364935 CET4434978320.109.210.53192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:57.363538027 CET49783443192.168.2.420.109.210.53
                                                                                                                                                                              Oct 30, 2024 17:52:57.363557100 CET4434978320.109.210.53192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:57.363619089 CET49783443192.168.2.420.109.210.53
                                                                                                                                                                              Oct 30, 2024 17:52:57.364598989 CET4434978320.109.210.53192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:57.364641905 CET4434978320.109.210.53192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:57.364694118 CET49783443192.168.2.420.109.210.53
                                                                                                                                                                              Oct 30, 2024 17:52:57.364694118 CET49783443192.168.2.420.109.210.53
                                                                                                                                                                              Oct 30, 2024 17:52:57.364702940 CET4434978320.109.210.53192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:57.364718914 CET4434978320.109.210.53192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:57.364764929 CET49783443192.168.2.420.109.210.53
                                                                                                                                                                              Oct 30, 2024 17:52:57.386467934 CET49783443192.168.2.420.109.210.53
                                                                                                                                                                              Oct 30, 2024 17:52:57.386493921 CET4434978320.109.210.53192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:57.386507988 CET49783443192.168.2.420.109.210.53
                                                                                                                                                                              Oct 30, 2024 17:52:57.386513948 CET4434978320.109.210.53192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:57.926495075 CET4434978613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:57.926589012 CET49786443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:57.930639982 CET49786443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:57.930648088 CET4434978613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:57.930958033 CET4434978613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:57.945930958 CET49786443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:57.987329960 CET4434978613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:58.164443016 CET4434978613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:58.164478064 CET4434978613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:58.164496899 CET4434978613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:58.164526939 CET49786443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:58.164550066 CET4434978613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:58.164592981 CET49786443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:58.164592981 CET49786443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:58.191519022 CET4434978613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:58.191550016 CET4434978613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:58.191610098 CET49786443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:58.191617966 CET4434978613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:58.191708088 CET49786443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:58.282805920 CET4434978613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:58.282828093 CET4434978613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:58.282867908 CET49786443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:58.282886982 CET4434978613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:58.282922029 CET49786443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:58.282922029 CET49786443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:58.311038017 CET4434978613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:58.311070919 CET4434978613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:58.311191082 CET49786443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:58.311191082 CET49786443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:58.311204910 CET4434978613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:58.311567068 CET49786443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:58.312762022 CET4434978613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:58.312778950 CET4434978613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:58.312835932 CET49786443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:58.312840939 CET4434978613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:58.312886000 CET49786443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:58.312886000 CET49786443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:58.314578056 CET4434978613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:58.314594984 CET4434978613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:58.314665079 CET49786443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:58.314665079 CET49786443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:58.314671040 CET4434978613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:58.314713955 CET49786443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:58.424567938 CET4434978613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:58.424592972 CET4434978613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:58.424679041 CET49786443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:58.424695015 CET4434978613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:58.424745083 CET49786443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:58.425702095 CET4434978613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:58.425715923 CET4434978613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:58.425893068 CET49786443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:58.425899982 CET4434978613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:58.425983906 CET49786443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:58.426994085 CET4434978613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:58.427010059 CET4434978613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:58.427090883 CET49786443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:58.427099943 CET4434978613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:58.427220106 CET49786443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:58.428152084 CET4434978613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:58.428167105 CET4434978613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:58.428251028 CET49786443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:58.428257942 CET4434978613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:58.428329945 CET49786443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:58.429363966 CET4434978613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:58.429378033 CET4434978613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:58.429461002 CET49786443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:58.429466963 CET4434978613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:58.429745913 CET49786443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:58.433504105 CET49786443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:58.543378115 CET4434978613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:58.543405056 CET4434978613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:58.543503046 CET49786443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:58.543514013 CET4434978613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:58.543580055 CET49786443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:58.544465065 CET4434978613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:58.544481039 CET4434978613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:58.544547081 CET49786443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:58.544553995 CET4434978613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:58.544640064 CET4434978613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:58.544729948 CET4434978613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:58.544735909 CET49786443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:58.547621012 CET49786443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:58.547621012 CET49786443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:58.547704935 CET49786443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:58.547719002 CET4434978613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:58.587964058 CET49788443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:58.588006973 CET4434978813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:58.590024948 CET49789443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:58.590059996 CET49788443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:58.590085030 CET4434978913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:58.591166973 CET49790443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:58.591182947 CET4434979013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:58.591247082 CET49790443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:58.591272116 CET49789443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:58.592223883 CET49791443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:58.592233896 CET4434979113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:58.592617035 CET49792443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:58.592658997 CET49791443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:58.592681885 CET4434979213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:58.592899084 CET49791443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:58.592900038 CET49792443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:58.592912912 CET4434979113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:58.592967033 CET49788443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:58.592982054 CET4434978813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:58.593087912 CET49792443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:58.593106985 CET4434979213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:58.593153954 CET49789443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:58.593167067 CET4434978913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:58.593218088 CET49790443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:58.593228102 CET4434979013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:59.327887058 CET4434979113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:59.329375982 CET4434979013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:59.332019091 CET4434979213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:59.364875078 CET4434978913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:59.365168095 CET4434978813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:59.426456928 CET49791443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:59.427557945 CET49788443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:59.442044973 CET49790443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:59.442051888 CET49789443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:59.442214012 CET49792443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:59.445560932 CET49788443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:59.445579052 CET4434978813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:59.446046114 CET49788443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:59.446053982 CET4434978813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:59.446273088 CET49789443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:59.446285009 CET4434978913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:59.446605921 CET49789443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:59.446610928 CET4434978913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:59.446780920 CET49791443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:59.446787119 CET4434979113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:59.447113991 CET49791443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:59.447117090 CET4434979113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:59.447329998 CET49790443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:59.447339058 CET4434979013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:59.447685003 CET49790443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:59.447690010 CET4434979013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:59.447946072 CET49792443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:59.447958946 CET4434979213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:59.448635101 CET49792443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:59.448642969 CET4434979213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:59.572261095 CET4434979113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:59.572292089 CET4434979113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:59.572371006 CET4434979113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:59.572411060 CET49791443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:59.572437048 CET49791443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:59.574522018 CET4434979013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:59.574606895 CET4434979013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:59.574672937 CET49790443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:59.575634956 CET4434979213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:59.575731039 CET4434979213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:59.575802088 CET49792443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:59.578195095 CET4434978813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:59.578218937 CET4434978813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:59.578279018 CET49788443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:59.578304052 CET4434978813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:59.578349113 CET49788443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:59.578356028 CET4434978813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:59.578385115 CET4434978813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:59.579051971 CET4434978913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:59.579076052 CET4434978913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:59.579109907 CET49788443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:59.579135895 CET49789443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:59.579148054 CET4434978913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:59.579168081 CET4434978913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:59.579188108 CET49789443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:59.579210997 CET49789443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:59.618711948 CET49791443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:59.618742943 CET4434979113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:59.618756056 CET49791443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:59.618762970 CET4434979113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:59.619883060 CET49788443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:59.619924068 CET4434978813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:59.620019913 CET49788443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:59.620029926 CET4434978813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:59.620651007 CET49789443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:59.620660067 CET4434978913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:59.620695114 CET49789443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:59.620698929 CET4434978913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:59.621308088 CET49790443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:59.621331930 CET4434979013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:59.621345043 CET49790443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:59.621351004 CET4434979013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:59.622592926 CET49792443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:59.622592926 CET49792443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:59.622615099 CET4434979213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:59.622628927 CET4434979213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:59.654810905 CET49794443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:59.654875994 CET4434979413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:59.654984951 CET49794443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:59.657823086 CET49795443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:59.657864094 CET4434979513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:59.657924891 CET49795443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:59.661417961 CET49794443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:59.661453962 CET4434979413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:59.665507078 CET49796443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:59.665546894 CET4434979613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:59.665625095 CET49796443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:59.665730953 CET49796443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:59.665745974 CET4434979613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:59.685249090 CET49795443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:59.685276031 CET4434979513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:59.687375069 CET49797443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:59.687407017 CET4434979713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:59.687530994 CET49797443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:59.687621117 CET49797443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:59.687635899 CET4434979713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:59.689105988 CET49798443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:59.689142942 CET4434979813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:59.689388037 CET49798443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:59.693531990 CET49798443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:52:59.693552971 CET4434979813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:00.385006905 CET4434979413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:00.385721922 CET49794443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:00.385736942 CET4434979413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:00.386398077 CET49794443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:00.386404991 CET4434979413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:00.407066107 CET4434979613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:00.407603025 CET49796443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:00.407630920 CET4434979613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:00.408634901 CET49796443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:00.408642054 CET4434979613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:00.439795017 CET4434979713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:00.440382957 CET49797443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:00.440396070 CET4434979713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:00.441031933 CET49797443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:00.441036940 CET4434979713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:00.443481922 CET4434979813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:00.445051908 CET49798443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:00.445074081 CET4434979813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:00.445956945 CET49798443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:00.445960999 CET4434979813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:00.454190016 CET4434979513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:00.454907894 CET49795443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:00.454936028 CET4434979513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:00.455368042 CET49795443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:00.455380917 CET4434979513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:00.514662027 CET4434979413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:00.515038967 CET4434979413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:00.515145063 CET49794443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:00.515710115 CET49794443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:00.515710115 CET49794443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:00.515727043 CET4434979413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:00.515734911 CET4434979413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:00.519129992 CET49799443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:00.519171953 CET4434979913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:00.519301891 CET49799443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:00.519670010 CET49799443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:00.519684076 CET4434979913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:00.538182020 CET4434979613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:00.538346052 CET4434979613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:00.538536072 CET49796443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:00.538676023 CET49796443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:00.538691998 CET4434979613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:00.538707972 CET49796443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:00.538713932 CET4434979613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:00.542038918 CET49800443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:00.542078972 CET4434980013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:00.542159081 CET49800443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:00.542454004 CET49800443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:00.542468071 CET4434980013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:00.570574999 CET4434979713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:00.570660114 CET4434979713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:00.570841074 CET49797443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:00.570954084 CET49797443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:00.570971012 CET4434979713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:00.570981026 CET49797443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:00.570987940 CET4434979713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:00.574134111 CET49801443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:00.574168921 CET4434980113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:00.574244022 CET49801443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:00.574948072 CET49801443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:00.574959993 CET4434980113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:00.576879025 CET4434979813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:00.577092886 CET4434979813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:00.577142954 CET49798443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:00.577195883 CET49798443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:00.577212095 CET4434979813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:00.577223063 CET49798443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:00.577228069 CET4434979813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:00.579813957 CET49802443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:00.579855919 CET4434980213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:00.579979897 CET49802443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:00.580178022 CET49802443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:00.580192089 CET4434980213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:00.590691090 CET4434979513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:00.590761900 CET4434979513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:00.590827942 CET49795443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:00.591150999 CET49795443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:00.591171026 CET4434979513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:00.591202021 CET49795443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:00.591208935 CET4434979513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:00.594398975 CET49803443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:00.594425917 CET4434980313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:00.594482899 CET49803443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:00.594654083 CET49803443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:00.594669104 CET4434980313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:01.260808945 CET4434979913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:01.261559963 CET49799443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:01.261574030 CET4434979913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:01.262068033 CET49799443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:01.262084961 CET4434979913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:01.278680086 CET4434980013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:01.279262066 CET49800443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:01.279301882 CET4434980013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:01.279815912 CET49800443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:01.279830933 CET4434980013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:01.315551043 CET4434980213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:01.316499949 CET49802443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:01.316540003 CET4434980213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:01.317312002 CET49802443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:01.317320108 CET4434980213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:01.341240883 CET4434980313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:01.344419003 CET49803443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:01.344449997 CET4434980313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:01.344459057 CET4434980113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:01.345446110 CET49803443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:01.345453024 CET4434980313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:01.345695972 CET49801443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:01.345706940 CET4434980113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:01.346694946 CET49801443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:01.346698999 CET4434980113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:01.392087936 CET4434979913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:01.392149925 CET4434979913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:01.392344952 CET49799443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:01.392409086 CET49799443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:01.392433882 CET4434979913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:01.392461061 CET49799443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:01.392467022 CET4434979913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:01.397716999 CET49804443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:01.397752047 CET4434980413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:01.397948027 CET49804443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:01.398169041 CET49804443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:01.398179054 CET4434980413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:01.424580097 CET4434980013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:01.424643993 CET4434980013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:01.424879074 CET49800443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:01.424916983 CET49800443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:01.424937963 CET4434980013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:01.424949884 CET49800443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:01.424956083 CET4434980013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:01.428086042 CET49805443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:01.428127050 CET4434980513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:01.428198099 CET49805443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:01.428495884 CET49805443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:01.428507090 CET4434980513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:01.447304010 CET4434980213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:01.447376013 CET4434980213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:01.447565079 CET49802443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:01.447789907 CET49802443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:01.447805882 CET4434980213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:01.450670004 CET49806443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:01.450705051 CET4434980613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:01.450773001 CET49806443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:01.450901031 CET49806443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:01.450911045 CET4434980613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:01.473218918 CET4434980313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:01.473411083 CET4434980313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:01.473475933 CET49803443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:01.474708080 CET49803443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:01.474725008 CET4434980313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:01.474739075 CET49803443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:01.474745035 CET4434980313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:01.478427887 CET49807443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:01.478457928 CET4434980713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:01.478542089 CET49807443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:01.479046106 CET49807443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:01.479058981 CET4434980713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:01.484812975 CET4434980113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:01.484935045 CET4434980113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:01.487596989 CET49801443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:01.494679928 CET49801443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:01.494684935 CET4434980113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:01.494695902 CET49801443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:01.494699001 CET4434980113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:01.497972012 CET49808443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:01.497987986 CET4434980813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:01.498085022 CET49808443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:01.498220921 CET49808443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:01.498230934 CET4434980813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:02.140403032 CET4434980413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:02.141161919 CET49804443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:02.141196966 CET4434980413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:02.142174006 CET49804443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:02.142189026 CET4434980413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:02.154067993 CET4434980513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:02.155241013 CET49805443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:02.155272961 CET4434980513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:02.156038046 CET49805443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:02.156047106 CET4434980513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:02.187470913 CET4434980613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:02.189941883 CET49806443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:02.189971924 CET4434980613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:02.190402031 CET49806443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:02.190407991 CET4434980613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:02.221461058 CET4434980713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:02.231547117 CET4434980813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:02.238105059 CET49807443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:02.238137007 CET4434980713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:02.238809109 CET49807443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:02.238826990 CET4434980713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:02.239375114 CET49808443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:02.239401102 CET4434980813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:02.239768982 CET49808443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:02.239774942 CET4434980813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:02.272485971 CET4434980413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:02.272609949 CET4434980413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:02.272679090 CET49804443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:02.272959948 CET49804443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:02.272980928 CET4434980413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:02.273010015 CET49804443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:02.273015976 CET4434980413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:02.277643919 CET49809443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:02.277679920 CET4434980913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:02.277746916 CET49809443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:02.277945042 CET49809443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:02.277960062 CET4434980913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:02.317743063 CET4434980613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:02.317853928 CET4434980613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:02.317909956 CET49806443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:02.318037987 CET49806443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:02.318058968 CET4434980613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:02.318070889 CET49806443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:02.318078041 CET4434980613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:02.321362972 CET49810443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:02.321408033 CET4434981013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:02.321482897 CET49810443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:02.321749926 CET49810443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:02.321764946 CET4434981013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:02.357589006 CET4434980513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:02.357886076 CET4434980513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:02.358057022 CET49805443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:02.366719007 CET4434980713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:02.366796017 CET4434980713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:02.366964102 CET49807443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:02.368818045 CET49805443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:02.368850946 CET4434980513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:02.368865967 CET4434980813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:02.368870020 CET49805443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:02.368877888 CET4434980513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:02.369050980 CET4434980813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:02.369167089 CET49808443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:02.370171070 CET49808443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:02.370194912 CET4434980813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:02.370263100 CET49808443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:02.370269060 CET4434980813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:02.372252941 CET49807443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:02.372262955 CET4434980713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:02.372277021 CET49807443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:02.372282028 CET4434980713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:02.377031088 CET49811443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:02.377067089 CET4434981113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:02.377612114 CET49811443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:02.378736973 CET49811443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:02.378751993 CET4434981113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:02.379992962 CET49812443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:02.380024910 CET4434981213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:02.380122900 CET49812443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:02.380331039 CET49812443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:02.380350113 CET4434981213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:02.389425039 CET49813443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:02.389463902 CET4434981313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:02.389602900 CET49813443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:02.390254974 CET49813443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:02.390268087 CET4434981313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:03.017585993 CET4434980913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:03.024657965 CET49809443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:03.024676085 CET4434980913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:03.025249004 CET49809443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:03.025257111 CET4434980913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:03.086649895 CET4434981013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:03.094470978 CET49810443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:03.094500065 CET4434981013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:03.095010042 CET49810443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:03.095015049 CET4434981013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:03.122529030 CET4434981113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:03.124682903 CET49811443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:03.124700069 CET4434981113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:03.125288010 CET49811443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:03.125296116 CET4434981113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:03.128983974 CET4434981313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:03.131952047 CET49813443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:03.131968975 CET4434981313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:03.132390976 CET49813443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:03.132397890 CET4434981313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:03.138079882 CET4434981213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:03.138499022 CET49812443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:03.138537884 CET4434981213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:03.139334917 CET49812443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:03.139343023 CET4434981213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:03.150585890 CET4434980913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:03.150904894 CET4434980913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:03.151128054 CET49809443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:03.151175976 CET49809443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:03.151194096 CET4434980913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:03.151205063 CET49809443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:03.151211023 CET4434980913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:03.197232962 CET49815443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:03.197292089 CET4434981513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:03.197885036 CET49815443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:03.198473930 CET49815443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:03.198489904 CET4434981513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:03.226969004 CET4434981013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:03.227144003 CET4434981013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:03.227206945 CET49810443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:03.253349066 CET4434981113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:03.253495932 CET4434981113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:03.253732920 CET49811443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:03.259599924 CET4434981313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:03.259769917 CET4434981313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:03.259839058 CET49813443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:03.272649050 CET4434981213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:03.272766113 CET4434981213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:03.272893906 CET49812443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:03.274909973 CET49810443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:03.274943113 CET4434981013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:03.274960995 CET49810443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:03.274967909 CET4434981013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:03.276426077 CET49812443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:03.276443958 CET4434981213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:03.276535988 CET49812443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:03.276544094 CET4434981213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:03.282783985 CET49811443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:03.282805920 CET4434981113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:03.282881021 CET49811443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:03.282888889 CET4434981113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:03.303430080 CET49813443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:03.303463936 CET4434981313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:03.303483009 CET49813443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:03.303489923 CET4434981313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:03.357048035 CET49816443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:03.357099056 CET4434981613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:03.357161999 CET49816443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:03.359149933 CET49817443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:03.359189034 CET4434981713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:03.359463930 CET49817443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:03.360613108 CET49818443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:03.360625029 CET4434981813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:03.360675097 CET49818443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:03.382733107 CET49816443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:03.382762909 CET4434981613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:03.384808064 CET49819443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:03.384845018 CET4434981913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:03.384938002 CET49819443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:03.385494947 CET49819443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:03.385509968 CET4434981913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:03.385592937 CET49817443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:03.385605097 CET4434981713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:03.385662079 CET49818443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:03.385690928 CET4434981813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:03.928009987 CET4434981513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:03.931180000 CET49815443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:03.931210995 CET4434981513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:03.931968927 CET49815443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:03.931976080 CET4434981513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:04.057549000 CET4434981513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:04.057665110 CET4434981513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:04.057724953 CET49815443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:04.063404083 CET49815443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:04.063441992 CET4434981513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:04.073277950 CET49820443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:04.073318958 CET4434982013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:04.073437929 CET49820443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:04.077362061 CET49820443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:04.077392101 CET4434982013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:04.105432987 CET4434981813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:04.109062910 CET49818443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:04.109110117 CET4434981813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:04.109766006 CET49818443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:04.109776974 CET4434981813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:04.114336967 CET4434981913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:04.114960909 CET4434981713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:04.117420912 CET49819443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:04.117439032 CET4434981913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:04.117887020 CET49819443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:04.117897034 CET4434981913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:04.129110098 CET49817443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:04.129122972 CET4434981713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:04.129688978 CET49817443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:04.129693985 CET4434981713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:04.170018911 CET4434981613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:04.170995951 CET49816443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:04.171025038 CET4434981613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:04.171700001 CET49816443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:04.171706915 CET4434981613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:04.234277010 CET4434981813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:04.234354019 CET4434981813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:04.234417915 CET49818443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:04.235420942 CET49818443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:04.235445023 CET4434981813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:04.235460043 CET49818443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:04.235466957 CET4434981813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:04.243932009 CET4434981913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:04.244343996 CET4434981913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:04.244431973 CET49819443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:04.251713991 CET49819443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:04.251738071 CET4434981913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:04.251749992 CET49819443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:04.251755953 CET4434981913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:04.260185957 CET4434981713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:04.260396957 CET4434981713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:04.260663986 CET49817443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:04.274578094 CET49821443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:04.274616957 CET4434982113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:04.274694920 CET49821443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:04.278510094 CET49817443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:04.278510094 CET49817443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:04.278548002 CET4434981713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:04.278563023 CET4434981713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:04.294192076 CET49821443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:04.294204950 CET4434982113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:04.306174040 CET4434981613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:04.306243896 CET4434981613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:04.306318998 CET49816443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:04.309676886 CET49822443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:04.309727907 CET4434982213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:04.309833050 CET49822443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:04.309966087 CET49822443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:04.309979916 CET4434982213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:04.314141035 CET49823443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:04.314157009 CET4434982313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:04.314256907 CET49823443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:04.317974091 CET49816443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:04.318006992 CET4434981613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:04.318022013 CET49816443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:04.318030119 CET4434981613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:04.333388090 CET49823443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:04.333400011 CET4434982313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:04.354192019 CET49824443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:04.354229927 CET4434982413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:04.354362011 CET49824443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:04.356934071 CET49824443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:04.356956005 CET4434982413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:04.733416080 CET49672443192.168.2.4173.222.162.32
                                                                                                                                                                              Oct 30, 2024 17:53:04.810411930 CET4434982013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:04.811758995 CET49820443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:04.811781883 CET4434982013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:04.812313080 CET49820443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:04.812319040 CET4434982013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:04.941572905 CET4434982013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:04.941766024 CET4434982013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:04.942601919 CET49820443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:04.942683935 CET49820443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:04.942707062 CET4434982013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:04.942800045 CET49820443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:04.942806959 CET4434982013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:04.947390079 CET49825443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:04.947428942 CET4434982513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:04.947598934 CET49825443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:04.948631048 CET49825443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:04.948646069 CET4434982513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:05.039700031 CET4434982113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:05.045586109 CET49821443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:05.045619011 CET4434982113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:05.045727968 CET4434982213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:05.046235085 CET49821443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:05.046240091 CET4434982113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:05.047209024 CET49822443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:05.047219992 CET4434982213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:05.048187971 CET49822443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:05.048207998 CET4434982213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:05.090816021 CET4434982413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:05.091512918 CET49824443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:05.091562033 CET4434982413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:05.092015982 CET49824443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:05.092025995 CET4434982413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:05.097945929 CET4434982313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:05.099082947 CET49823443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:05.099101067 CET4434982313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:05.099797964 CET49823443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:05.099803925 CET4434982313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:05.173881054 CET4434982113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:05.174055099 CET4434982113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:05.174185991 CET49821443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:05.174213886 CET49821443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:05.174232960 CET4434982113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:05.174241066 CET49821443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:05.174247026 CET4434982113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:05.178031921 CET49826443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:05.178076029 CET4434982613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:05.178145885 CET49826443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:05.178352118 CET4434982213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:05.178371906 CET49826443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:05.178384066 CET4434982613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:05.178499937 CET4434982213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:05.178677082 CET49822443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:05.178677082 CET49822443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:05.178705931 CET49822443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:05.178719044 CET4434982213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:05.181427002 CET49827443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:05.181464911 CET4434982713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:05.181525946 CET49827443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:05.181663990 CET49827443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:05.181675911 CET4434982713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:05.220813990 CET4434982413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:05.220897913 CET4434982413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:05.220947981 CET49824443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:05.221183062 CET49824443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:05.221206903 CET4434982413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:05.221219063 CET49824443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:05.221225023 CET4434982413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:05.225301981 CET49828443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:05.225347996 CET4434982813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:05.225601912 CET49828443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:05.226008892 CET49828443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:05.226020098 CET4434982813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:05.229270935 CET4434982313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:05.229535103 CET4434982313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:05.229592085 CET49823443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:05.229796886 CET49823443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:05.229810953 CET4434982313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:05.229820013 CET49823443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:05.229825020 CET4434982313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:05.231975079 CET49829443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:05.232002974 CET4434982913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:05.232054949 CET49829443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:05.232184887 CET49829443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:05.232192993 CET4434982913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:05.683973074 CET4434982513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:05.684540033 CET49825443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:05.684566021 CET4434982513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:05.685079098 CET49825443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:05.685086966 CET4434982513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:05.814784050 CET4434982513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:05.814908028 CET4434982513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:05.815077066 CET49825443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:05.815108061 CET49825443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:05.815124035 CET4434982513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:05.815134048 CET49825443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:05.815139055 CET4434982513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:05.817945957 CET49830443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:05.817991018 CET4434983013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:05.818118095 CET49830443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:05.818248034 CET49830443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:05.818262100 CET4434983013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:05.914320946 CET4434982613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:05.914860964 CET49826443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:05.914891958 CET4434982613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:05.915363073 CET49826443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:05.915371895 CET4434982613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:05.924773932 CET4434982713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:05.925156116 CET49827443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:05.925173998 CET4434982713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:05.925581932 CET49827443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:05.925586939 CET4434982713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:05.959255934 CET4434982813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:05.959831953 CET49828443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:05.959862947 CET4434982813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:05.960427046 CET49828443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:05.960436106 CET4434982813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:05.966687918 CET4434982913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:05.967245102 CET49829443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:05.967263937 CET4434982913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:05.967705965 CET49829443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:05.967711926 CET4434982913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:06.045205116 CET4434982613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:06.045367002 CET4434982613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:06.045519114 CET49826443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:06.045574903 CET49826443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:06.045599937 CET4434982613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:06.045619011 CET49826443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:06.045625925 CET4434982613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:06.049216986 CET49831443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:06.049266100 CET4434983113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:06.049340963 CET49831443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:06.049633980 CET49831443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:06.049654961 CET4434983113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:06.057112932 CET4434982713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:06.057462931 CET4434982713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:06.057605028 CET49827443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:06.057641029 CET49827443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:06.057657957 CET4434982713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:06.057667971 CET49827443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:06.057672977 CET4434982713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:06.060118914 CET49832443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:06.060157061 CET4434983213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:06.060225964 CET49832443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:06.060574055 CET49832443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:06.060585976 CET4434983213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:06.090589046 CET4434982813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:06.090954065 CET4434982813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:06.091037035 CET49828443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:06.091133118 CET49828443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:06.091151953 CET4434982813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:06.091162920 CET49828443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:06.091167927 CET4434982813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:06.095283031 CET49833443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:06.095324039 CET4434983313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:06.095410109 CET49833443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:06.095547915 CET49833443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:06.095565081 CET4434983313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:06.101275921 CET4434982913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:06.101711988 CET4434982913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:06.101771116 CET49829443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:06.101891041 CET49829443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:06.101902962 CET4434982913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:06.101914883 CET49829443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:06.101919889 CET4434982913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:06.115871906 CET49834443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:06.115909100 CET4434983413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:06.116051912 CET49834443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:06.116235971 CET49834443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:06.116249084 CET4434983413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:06.564363956 CET4434983013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:06.566389084 CET49830443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:06.566427946 CET4434983013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:06.567486048 CET49830443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:06.567500114 CET4434983013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:06.693996906 CET4434983013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:06.694175005 CET4434983013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:06.694500923 CET49830443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:06.696460962 CET49830443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:06.696487904 CET4434983013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:06.696501017 CET49830443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:06.696507931 CET4434983013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:06.768132925 CET49835443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:06.768183947 CET4434983513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:06.768440008 CET49835443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:06.772981882 CET49835443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:06.772994041 CET4434983513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:06.787420034 CET4434983113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:06.804573059 CET4434983213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:06.824013948 CET4434983313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:06.832519054 CET49831443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:06.835724115 CET49831443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:06.835748911 CET4434983113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:06.836646080 CET49831443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:06.836659908 CET4434983113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:06.838293076 CET49832443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:06.838320971 CET4434983213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:06.838854074 CET49832443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:06.838865042 CET4434983213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:06.840183973 CET49833443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:06.840195894 CET4434983313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:06.840661049 CET49833443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:06.840666056 CET4434983313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:06.844527960 CET4434983413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:06.845081091 CET49834443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:06.845110893 CET4434983413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:06.845801115 CET49834443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:06.845812082 CET4434983413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:06.960644007 CET4434983113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:06.960788965 CET4434983113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:06.963716030 CET49831443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:06.964948893 CET4434983313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:06.965424061 CET4434983313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:06.965508938 CET49833443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:06.966053963 CET4434983213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:06.966501951 CET4434983213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:06.966574907 CET49832443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:06.974456072 CET4434983413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:06.974520922 CET4434983413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:06.975613117 CET49834443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:06.984107018 CET49831443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:06.984107018 CET49831443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:06.984138012 CET4434983113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:06.984150887 CET4434983113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:06.992441893 CET49834443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:06.992474079 CET4434983413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:06.992510080 CET49834443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:06.992516994 CET4434983413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:06.999910116 CET49833443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:06.999910116 CET49833443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:06.999931097 CET4434983313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:06.999941111 CET4434983313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:07.003909111 CET49832443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:07.003909111 CET49832443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:07.003941059 CET4434983213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:07.003953934 CET4434983213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:07.060955048 CET49836443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:07.061000109 CET4434983613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:07.062036037 CET49837443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:07.062092066 CET4434983713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:07.062205076 CET49836443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:07.062206030 CET49837443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:07.063003063 CET49836443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:07.063016891 CET4434983613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:07.063147068 CET49837443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:07.063160896 CET4434983713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:07.064429045 CET49838443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:07.064443111 CET4434983813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:07.064656973 CET49838443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:07.064821005 CET49838443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:07.064829111 CET4434983813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:07.078707933 CET49839443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:07.078738928 CET4434983913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:07.079612970 CET49839443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:07.087064981 CET49839443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:07.087080002 CET4434983913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:07.503767967 CET4434983513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:07.523277044 CET49835443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:07.523310900 CET4434983513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:07.524028063 CET49835443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:07.524035931 CET4434983513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:07.652229071 CET4434983513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:07.652327061 CET4434983513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:07.652443886 CET49835443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:07.652884960 CET49835443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:07.652901888 CET4434983513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:07.653006077 CET49835443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:07.653012991 CET4434983513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:07.658343077 CET49840443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:07.658389091 CET4434984013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:07.658478975 CET49840443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:07.658718109 CET49840443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:07.658731937 CET4434984013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:07.792561054 CET4434983713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:07.792787075 CET4434983613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:07.793045998 CET49837443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:07.793071032 CET4434983713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:07.793514967 CET49837443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:07.793519974 CET4434983713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:07.793816090 CET49836443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:07.793829918 CET4434983613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:07.794240952 CET49836443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:07.794245005 CET4434983613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:07.805778027 CET4434983813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:07.806471109 CET49838443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:07.806480885 CET4434983813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:07.807041883 CET49838443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:07.807046890 CET4434983813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:07.817434072 CET4434983913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:07.819264889 CET49839443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:07.819294930 CET4434983913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:07.820123911 CET49839443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:07.820130110 CET4434983913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:07.922012091 CET4434983713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:07.922135115 CET4434983613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:07.922307968 CET4434983613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:07.922316074 CET4434983713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:07.922405958 CET49836443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:07.922431946 CET49837443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:07.923819065 CET49837443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:07.923839092 CET4434983713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:07.923858881 CET49837443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:07.923865080 CET4434983713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:07.927956104 CET49836443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:07.927956104 CET49836443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:07.927978039 CET4434983613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:07.927987099 CET4434983613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:07.936356068 CET4434983813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:07.936511040 CET4434983813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:07.936647892 CET49838443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:07.937041044 CET49841443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:07.937086105 CET4434984113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:07.937149048 CET49841443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:07.939059019 CET49842443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:07.939086914 CET4434984213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:07.939277887 CET49842443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:07.941451073 CET49838443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:07.941457987 CET4434983813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:07.945585966 CET49841443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:07.945602894 CET4434984113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:07.945713043 CET49842443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:07.945736885 CET4434984213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:07.946899891 CET4434983913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:07.947173119 CET4434983913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:07.947391987 CET49839443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:07.948148012 CET49843443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:07.948164940 CET4434984313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:07.948246002 CET49839443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:07.948266029 CET4434983913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:07.948281050 CET49843443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:07.948281050 CET49839443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:07.948287964 CET4434983913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:07.948530912 CET49843443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:07.948542118 CET4434984313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:07.954273939 CET49844443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:07.954305887 CET4434984413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:07.954365015 CET49844443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:07.954818964 CET49844443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:07.954833031 CET4434984413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:08.379180908 CET4434984013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:08.380625010 CET49840443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:08.380650043 CET4434984013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:08.381345987 CET49840443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:08.381350994 CET4434984013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:08.506278038 CET4434984013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:08.506372929 CET4434984013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:08.506587029 CET49840443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:08.506853104 CET49840443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:08.506853104 CET49840443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:08.506876945 CET4434984013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:08.506885052 CET4434984013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:08.509746075 CET49845443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:08.509792089 CET4434984513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:08.509918928 CET49845443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:08.510050058 CET49845443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:08.510071039 CET4434984513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:08.669157982 CET4434984213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:08.669318914 CET4434984313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:08.671458006 CET49842443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:08.671468019 CET4434984213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:08.672383070 CET49842443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:08.672388077 CET4434984213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:08.672756910 CET49843443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:08.672789097 CET4434984313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:08.673218012 CET49843443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:08.673228025 CET4434984313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:08.693691969 CET4434984113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:08.694657087 CET4434984413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:08.696048975 CET49841443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:08.696084023 CET4434984113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:08.696563959 CET49841443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:08.696573019 CET4434984113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:08.696866989 CET49844443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:08.696883917 CET4434984413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:08.697280884 CET49844443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:08.697287083 CET4434984413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:08.799473047 CET4434984213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:08.820723057 CET4434984213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:08.820756912 CET4434984313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:08.820800066 CET49842443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:08.820820093 CET4434984313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:08.820863962 CET49842443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:08.820863962 CET49842443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:08.820883036 CET4434984213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:08.820890903 CET4434984213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:08.820898056 CET49843443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:08.821311951 CET49843443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:08.821311951 CET49843443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:08.821333885 CET4434984313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:08.821341991 CET4434984313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:08.824300051 CET49846443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:08.824337959 CET4434984613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:08.824404001 CET49846443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:08.824508905 CET49847443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:08.824537992 CET49846443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:08.824538946 CET4434984713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:08.824549913 CET4434984613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:08.824596882 CET49847443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:08.824698925 CET49847443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:08.824712038 CET4434984713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:08.826797009 CET4434984413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:08.826854944 CET4434984413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:08.826915026 CET49844443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:08.827040911 CET49844443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:08.827049017 CET4434984413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:08.827069044 CET49844443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:08.827074051 CET4434984413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:08.828983068 CET49848443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:08.829015970 CET4434984813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:08.829121113 CET49848443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:08.829173088 CET4434984113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:08.829231024 CET4434984113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:08.829236984 CET49848443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:08.829248905 CET4434984813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:08.829269886 CET49841443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:08.829361916 CET49841443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:08.829366922 CET4434984113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:08.829376936 CET49841443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:08.829382896 CET4434984113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:08.831367016 CET49849443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:08.831393003 CET4434984913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:08.831448078 CET49849443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:08.831547022 CET49849443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:08.831561089 CET4434984913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:09.130444050 CET4972480192.168.2.4199.232.214.172
                                                                                                                                                                              Oct 30, 2024 17:53:09.136641026 CET8049724199.232.214.172192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:09.136871099 CET4972480192.168.2.4199.232.214.172
                                                                                                                                                                              Oct 30, 2024 17:53:09.269638062 CET4434984513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:09.270239115 CET49845443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:09.270253897 CET4434984513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:09.271141052 CET49845443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:09.271148920 CET4434984513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:09.399275064 CET4434984513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:09.399471045 CET4434984513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:09.399573088 CET49845443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:09.399606943 CET49845443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:09.399606943 CET49845443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:09.399631023 CET4434984513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:09.399638891 CET4434984513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:09.402834892 CET49850443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:09.402869940 CET4434985013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:09.403024912 CET49850443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:09.403156996 CET49850443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:09.403165102 CET4434985013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:09.562705994 CET4434984813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:09.563431025 CET49848443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:09.563447952 CET4434984813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:09.563914061 CET49848443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:09.563920021 CET4434984813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:09.566584110 CET4434984613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:09.567065001 CET49846443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:09.567080021 CET4434984613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:09.568680048 CET49846443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:09.568686008 CET4434984613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:09.600049973 CET4434984713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:09.601540089 CET49847443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:09.601550102 CET4434984713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:09.602194071 CET49847443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:09.602200985 CET4434984713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:09.692804098 CET4434984813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:09.692878008 CET4434984813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:09.692939043 CET49848443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:09.693275928 CET49848443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:09.693305969 CET4434984813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:09.693320036 CET49848443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:09.693325043 CET4434984813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:09.696294069 CET49851443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:09.696329117 CET4434985113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:09.696393967 CET49851443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:09.696521997 CET49851443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:09.696536064 CET4434985113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:09.701921940 CET4434984613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:09.701991081 CET4434984613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:09.702121973 CET49846443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:09.702152014 CET49846443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:09.702166080 CET4434984613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:09.702209949 CET49846443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:09.702214956 CET4434984613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:09.704878092 CET49852443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:09.704925060 CET4434985213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:09.705099106 CET49852443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:09.705250025 CET49852443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:09.705264091 CET4434985213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:09.733315945 CET4434984713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:09.733428001 CET4434984713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:09.733522892 CET49847443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:09.733716011 CET49847443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:09.733735085 CET4434984713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:09.733774900 CET49847443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:09.733781099 CET4434984713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:09.736294031 CET49853443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:09.736344099 CET4434985313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:09.737073898 CET49853443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:09.737236977 CET49853443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:09.737251997 CET4434985313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:10.148446083 CET4434985013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:10.148936987 CET49850443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:10.148966074 CET4434985013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:10.149589062 CET49850443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:10.149595022 CET4434985013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:10.281686068 CET4434985013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:10.281853914 CET4434985013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:10.281995058 CET49850443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:10.282052994 CET49850443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:10.282069921 CET4434985013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:10.282079935 CET49850443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:10.282085896 CET4434985013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:10.285021067 CET49854443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:10.285083055 CET4434985413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:10.285161972 CET49854443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:10.285331964 CET49854443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:10.285352945 CET4434985413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:10.437654018 CET4434985113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:10.438175917 CET49851443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:10.438201904 CET4434985113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:10.438671112 CET49851443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:10.438676119 CET4434985113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:10.442650080 CET4434985213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:10.442991018 CET49852443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:10.443018913 CET4434985213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:10.443361998 CET49852443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:10.443372965 CET4434985213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:10.473756075 CET4434985313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:10.474440098 CET49853443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:10.474473000 CET4434985313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:10.474906921 CET49853443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:10.474917889 CET4434985313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:10.574389935 CET4434985213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:10.574522018 CET4434985213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:10.575383902 CET4434985113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:10.575639963 CET49852443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:10.575720072 CET4434985113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:10.579616070 CET49851443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:10.580784082 CET49851443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:10.580785036 CET49852443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:10.580796957 CET4434985113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:10.580802917 CET4434985213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:10.580820084 CET49852443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:10.580821991 CET49851443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:10.580826044 CET4434985213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:10.580826998 CET4434985113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:10.583930969 CET49855443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:10.583975077 CET4434985513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:10.583986998 CET49856443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:10.583993912 CET4434985613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:10.584067106 CET49855443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:10.584110022 CET49856443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:10.584197998 CET49855443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:10.584213972 CET4434985513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:10.584342957 CET49856443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:10.584353924 CET4434985613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:10.603760958 CET4434985313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:10.603830099 CET4434985313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:10.603952885 CET49853443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:10.603991032 CET49853443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:10.604006052 CET4434985313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:10.604018927 CET49853443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:10.604022980 CET4434985313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:10.606122017 CET49857443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:10.606154919 CET4434985713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:10.606426001 CET49857443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:10.606560946 CET49857443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:10.606570959 CET4434985713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:10.680011988 CET4434984913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:10.680823088 CET49849443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:10.680852890 CET4434984913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:10.681350946 CET49849443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:10.681355953 CET4434984913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:11.067481995 CET4434985413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:11.068061113 CET49854443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:11.068087101 CET4434985413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:11.068936110 CET49854443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:11.068941116 CET4434985413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:11.204961061 CET4434985413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:11.205094099 CET4434985413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:11.205461979 CET49854443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:11.205523968 CET49854443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:11.205523968 CET49854443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:11.205544949 CET4434985413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:11.205558062 CET4434985413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:11.208543062 CET49858443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:11.208587885 CET4434985813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:11.208789110 CET49858443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:11.208901882 CET49858443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:11.208910942 CET4434985813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:11.310161114 CET4434985513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:11.310674906 CET49855443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:11.310709953 CET4434985513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:11.311197996 CET49855443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:11.311203957 CET4434985513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:11.316992998 CET4434985613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:11.317344904 CET49856443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:11.317362070 CET4434985613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:11.317915916 CET49856443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:11.317919970 CET4434985613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:11.329852104 CET4434985713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:11.330437899 CET49857443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:11.330459118 CET4434985713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:11.330847025 CET49857443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:11.330857992 CET4434985713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:11.439866066 CET4434985513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:11.440047026 CET4434985513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:11.440110922 CET49855443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:11.440202951 CET49855443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:11.440228939 CET4434985513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:11.440239906 CET49855443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:11.440246105 CET4434985513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:11.443650007 CET49859443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:11.443705082 CET4434985913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:11.443775892 CET49859443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:11.443952084 CET49859443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:11.443968058 CET4434985913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:11.447218895 CET4434985613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:11.447293043 CET4434985613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:11.447352886 CET49856443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:11.447472095 CET49856443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:11.447472095 CET49856443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:11.447479010 CET4434985613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:11.447485924 CET4434985613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:11.450170040 CET49860443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:11.450206041 CET4434986013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:11.450267076 CET49860443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:11.450496912 CET49860443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:11.450510025 CET4434986013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:11.458861113 CET4434985713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:11.459086895 CET4434985713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:11.459391117 CET49857443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:11.459425926 CET49857443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:11.459439993 CET4434985713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:11.459450006 CET49857443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:11.459454060 CET4434985713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:11.461770058 CET49861443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:11.461808920 CET4434986113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:11.461872101 CET49861443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:11.462038040 CET49861443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:11.462052107 CET4434986113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:11.963310003 CET4434985813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:11.963877916 CET49858443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:11.963911057 CET4434985813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:11.964354992 CET49858443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:11.964361906 CET4434985813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:12.107306957 CET4434985813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:12.107583046 CET4434985813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:12.107640982 CET49858443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:12.107673883 CET49858443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:12.107691050 CET4434985813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:12.107703924 CET49858443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:12.107712030 CET4434985813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:12.110383034 CET49862443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:12.110407114 CET4434986213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:12.110474110 CET49862443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:12.110629082 CET49862443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:12.110637903 CET4434986213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:12.168092966 CET4434985913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:12.168559074 CET49859443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:12.168577909 CET4434985913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:12.168970108 CET49859443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:12.168975115 CET4434985913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:12.194691896 CET4434986013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:12.195074081 CET49860443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:12.195094109 CET4434986013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:12.195467949 CET49860443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:12.195472002 CET4434986013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:12.242150068 CET4434986113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:12.245978117 CET49861443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:12.246015072 CET4434986113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:12.246418953 CET49861443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:12.246423960 CET4434986113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:12.311855078 CET4434985913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:12.311942101 CET4434985913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:12.312237978 CET49859443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:12.313668966 CET49859443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:12.313669920 CET49859443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:12.313713074 CET4434985913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:12.313740015 CET4434985913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:12.315248966 CET49863443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:12.315285921 CET4434986313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:12.315356970 CET49863443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:12.315475941 CET49863443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:12.315486908 CET4434986313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:12.326031923 CET4434986013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:12.326340914 CET4434986013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:12.329859018 CET49860443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:12.329901934 CET49860443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:12.329901934 CET49860443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:12.329921961 CET4434986013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:12.329955101 CET4434986013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:12.331844091 CET49864443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:12.331885099 CET4434986413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:12.331981897 CET49864443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:12.332139969 CET49864443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:12.332154036 CET4434986413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:12.383534908 CET4434986113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:12.383711100 CET4434986113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:12.383806944 CET49861443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:12.383869886 CET49861443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:12.383879900 CET4434986113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:12.383888006 CET49861443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:12.383892059 CET4434986113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:12.386008978 CET49865443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:12.386038065 CET4434986513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:12.386095047 CET49865443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:12.386212111 CET49865443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:12.386221886 CET4434986513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:12.841346025 CET4434986213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:12.842160940 CET49862443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:12.842194080 CET4434986213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:12.842751026 CET49862443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:12.842756033 CET4434986213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:12.972605944 CET4434986213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:12.972681046 CET4434986213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:12.972723961 CET49862443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:12.973532915 CET49862443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:12.973551035 CET4434986213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:12.973562956 CET49862443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:12.973567963 CET4434986213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:12.979073048 CET49866443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:12.979105949 CET4434986613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:12.979222059 CET49866443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:12.981528997 CET49866443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:12.981544018 CET4434986613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:13.057298899 CET4434986313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:13.057935953 CET49863443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:13.057966948 CET4434986313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:13.058403015 CET49863443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:13.058408022 CET4434986313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:13.077045918 CET4434986413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:13.077887058 CET49864443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:13.077899933 CET4434986413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:13.078324080 CET49864443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:13.078329086 CET4434986413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:13.147617102 CET4434986513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:13.150387049 CET49865443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:13.150430918 CET4434986513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:13.150715113 CET49865443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:13.150723934 CET4434986513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:13.186944962 CET4434986313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:13.187199116 CET4434986313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:13.187285900 CET49863443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:13.187570095 CET49863443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:13.187570095 CET49863443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:13.187592030 CET4434986313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:13.187602043 CET4434986313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:13.190366030 CET49867443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:13.190409899 CET4434986713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:13.190486908 CET49867443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:13.191579103 CET49867443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:13.191601992 CET4434986713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:13.209564924 CET4434986413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:13.209623098 CET4434986413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:13.209741116 CET49864443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:13.209829092 CET49864443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:13.209829092 CET49864443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:13.209846020 CET4434986413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:13.209855080 CET4434986413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:13.211787939 CET49868443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:13.211832047 CET4434986813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:13.211889029 CET49868443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:13.212028980 CET49868443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:13.212044001 CET4434986813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:13.283387899 CET4434986513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:13.283409119 CET4434986513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:13.283476114 CET49865443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:13.283504963 CET4434986513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:13.283550024 CET4434986513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:13.283633947 CET49865443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:13.283751965 CET49865443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:13.283768892 CET4434986513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:13.283781052 CET49865443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:13.283787966 CET4434986513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:13.301580906 CET49869443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:13.301625967 CET4434986913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:13.303540945 CET49869443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:13.303630114 CET49869443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:13.303638935 CET4434986913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:13.726386070 CET4434986613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:13.727005005 CET49866443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:13.727015018 CET4434986613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:13.727622986 CET49866443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:13.727627039 CET4434986613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:13.789877892 CET4434984913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:13.790010929 CET4434984913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:13.790112019 CET49849443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:13.790235043 CET49849443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:13.790256023 CET4434984913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:13.790266991 CET49849443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:13.790272951 CET4434984913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:13.793179035 CET49870443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:13.793221951 CET4434987013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:13.795627117 CET49870443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:13.795839071 CET49870443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:13.795855045 CET4434987013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:13.860848904 CET4434986613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:13.860913992 CET4434986613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:13.861139059 CET49866443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:13.861248016 CET49866443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:13.861248016 CET49866443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:13.861263990 CET4434986613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:13.861274004 CET4434986613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:13.863677979 CET49871443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:13.863718033 CET4434987113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:13.863785028 CET49871443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:13.863974094 CET49871443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:13.863991022 CET4434987113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:13.935733080 CET4434986713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:13.936167955 CET49867443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:13.936181068 CET4434986713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:13.936639071 CET49867443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:13.936644077 CET4434986713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:13.961019039 CET4434986813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:13.961391926 CET49868443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:13.961415052 CET4434986813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:13.962094069 CET49868443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:13.962100029 CET4434986813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.068152905 CET4434986713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.068249941 CET4434986713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.068301916 CET49867443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:14.068876982 CET49867443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:14.068905115 CET4434986713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.068914890 CET49867443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:14.068921089 CET4434986713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.073025942 CET4434986913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.073524952 CET49869443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:14.073539019 CET4434986913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.074028015 CET49869443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:14.074035883 CET4434986913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.074455976 CET49872443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:14.074486017 CET4434987213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.074673891 CET49872443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:14.074934959 CET49872443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:14.074948072 CET4434987213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.092432976 CET4434986813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.092483997 CET4434986813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.092538118 CET49868443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:14.092565060 CET4434986813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.092612982 CET4434986813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.092665911 CET49868443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:14.092730999 CET49868443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:14.092746019 CET4434986813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.092756033 CET49868443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:14.092761040 CET4434986813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.095382929 CET49873443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:14.095412016 CET4434987313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.095475912 CET49873443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:14.095583916 CET49873443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:14.095597982 CET4434987313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.216963053 CET4434986913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.216989994 CET4434986913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.217047930 CET49869443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:14.217061996 CET4434986913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.217077017 CET4434986913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.217159986 CET49869443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:14.217480898 CET49869443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:14.217480898 CET49869443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:14.217498064 CET4434986913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.217508078 CET4434986913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.220741987 CET49874443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:14.220778942 CET4434987413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.220988035 CET49874443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:14.221302986 CET49874443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:14.221316099 CET4434987413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.535305977 CET4434987013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.535898924 CET49870443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:14.535926104 CET4434987013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.537396908 CET49870443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:14.537401915 CET4434987013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.614110947 CET4434987113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.615272045 CET49871443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:14.615295887 CET4434987113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.615953922 CET49871443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:14.615959883 CET4434987113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.666282892 CET4434987013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.666305065 CET4434987013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.666383982 CET49870443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:14.666399002 CET4434987013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.666594982 CET4434987013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.667614937 CET49870443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:14.672166109 CET49870443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:14.672182083 CET4434987013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.672192097 CET49870443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:14.672198057 CET4434987013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.675095081 CET49875443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:14.675123930 CET4434987513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.675417900 CET49875443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:14.675566912 CET49875443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:14.675579071 CET4434987513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.746208906 CET4434987113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.746260881 CET4434987113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.747174978 CET49871443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:14.747334957 CET49871443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:14.747349977 CET4434987113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.747468948 CET49871443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:14.747477055 CET4434987113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.750024080 CET49876443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:14.750050068 CET4434987613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.750128031 CET49876443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:14.750284910 CET49876443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:14.750299931 CET4434987613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.812614918 CET4434987213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.815912962 CET49872443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:14.815926075 CET4434987213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.816303968 CET49872443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:14.816308975 CET4434987213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.835851908 CET4434987313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.836136103 CET49873443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:14.836149931 CET4434987313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.836451054 CET49873443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:14.836456060 CET4434987313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.950850964 CET4434987213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.950932980 CET4434987213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.951126099 CET49872443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:14.951160908 CET49872443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:14.951160908 CET49872443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:14.951179028 CET4434987213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.951189041 CET4434987213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.953583002 CET49877443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:14.953613043 CET4434987713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.953716993 CET49877443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:14.953825951 CET49877443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:14.953841925 CET4434987713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.956295967 CET4434987413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.956609011 CET49874443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:14.956619978 CET4434987413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.957005024 CET49874443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:14.957010984 CET4434987413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.963897943 CET4434987313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.963980913 CET4434987313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.964098930 CET49873443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:14.964147091 CET49873443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:14.964147091 CET49873443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:14.964159966 CET4434987313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.964169979 CET4434987313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.966053963 CET49878443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:14.966090918 CET4434987813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.966176033 CET49878443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:14.966291904 CET49878443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:14.966309071 CET4434987813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:15.222748995 CET4434987413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:15.222812891 CET4434987413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:15.223125935 CET49874443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:15.223253965 CET49874443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:15.223273993 CET4434987413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:15.223306894 CET49874443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:15.223310947 CET4434987413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:15.226841927 CET49879443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:15.226872921 CET4434987913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:15.227113008 CET49879443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:15.227492094 CET49879443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:15.227504969 CET4434987913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:15.438065052 CET4434987513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:15.438569069 CET49875443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:15.438596010 CET4434987513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:15.439097881 CET49875443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:15.439106941 CET4434987513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:15.516319036 CET4434987613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:15.516825914 CET49876443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:15.516851902 CET4434987613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:15.517491102 CET49876443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:15.517498016 CET4434987613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:15.567286015 CET4434987513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:15.567372084 CET4434987513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:15.567425966 CET49875443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:15.567769051 CET49875443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:15.567790985 CET4434987513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:15.567804098 CET49875443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:15.567810059 CET4434987513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:15.571487904 CET49880443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:15.571523905 CET4434988013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:15.571589947 CET49880443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:15.571727037 CET49880443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:15.571738005 CET4434988013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:15.649451971 CET4434987613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:15.649522066 CET4434987613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:15.649585009 CET49876443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:15.649765968 CET49876443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:15.649782896 CET4434987613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:15.649796963 CET49876443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:15.649804115 CET4434987613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:15.653033018 CET49881443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:15.653076887 CET4434988113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:15.653160095 CET49881443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:15.653289080 CET49881443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:15.653304100 CET4434988113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:15.709439039 CET4434987813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:15.711321115 CET49878443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:15.711333990 CET4434987813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:15.718194008 CET49878443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:15.718202114 CET4434987813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:15.722208977 CET4434987713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:15.722728014 CET49877443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:15.722764015 CET4434987713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:15.723268032 CET49877443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:15.723274946 CET4434987713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:15.845254898 CET4434987813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:15.845427990 CET4434987813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:15.845494032 CET49878443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:15.845618963 CET49878443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:15.845638990 CET4434987813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:15.845649958 CET49878443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:15.845657110 CET4434987813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:15.848895073 CET49882443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:15.848969936 CET4434988213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:15.849054098 CET49882443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:15.849380016 CET49882443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:15.849431992 CET4434988213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:15.859009981 CET4434987713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:15.859358072 CET4434987713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:15.859435081 CET49877443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:15.859556913 CET49877443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:15.859584093 CET4434987713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:15.859596014 CET49877443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:15.859601021 CET4434987713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:15.861536026 CET49883443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:15.861573935 CET4434988313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:15.863102913 CET49883443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:15.863210917 CET49883443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:15.863233089 CET4434988313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:15.971585989 CET4434987913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:15.972069025 CET49879443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:15.972098112 CET4434987913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:15.972567081 CET49879443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:15.972573042 CET4434987913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:16.103111029 CET4434987913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:16.103389025 CET4434987913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:16.103456974 CET49879443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:16.103518963 CET49879443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:16.103543043 CET4434987913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:16.103563070 CET49879443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:16.103569984 CET4434987913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:16.106554985 CET49884443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:16.106585979 CET4434988413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:16.106657982 CET49884443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:16.106798887 CET49884443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:16.106810093 CET4434988413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:16.323992968 CET4434988013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:16.324834108 CET49880443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:16.324867964 CET4434988013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:16.325298071 CET49880443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:16.325303078 CET4434988013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:16.444847107 CET4434988113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:16.445918083 CET49881443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:16.445946932 CET4434988113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:16.446386099 CET49881443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:16.446392059 CET4434988113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:16.460493088 CET4434988013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:16.460690022 CET4434988013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:16.461860895 CET49880443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:16.461903095 CET49880443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:16.461925983 CET4434988013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:16.461936951 CET49880443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:16.461942911 CET4434988013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:16.466820002 CET49885443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:16.466862917 CET4434988513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:16.467642069 CET49885443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:16.467837095 CET49885443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:16.467850924 CET4434988513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:16.576258898 CET4434988213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:16.576807022 CET49882443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:16.576837063 CET4434988213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:16.577290058 CET49882443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:16.577297926 CET4434988213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:16.581655979 CET4434988113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:16.581684113 CET4434988113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:16.581746101 CET4434988113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:16.581752062 CET49881443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:16.581779957 CET49881443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:16.582036972 CET49881443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:16.582057953 CET4434988113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:16.582068920 CET49881443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:16.582075119 CET4434988113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:16.585762978 CET49886443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:16.585808992 CET4434988613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:16.585874081 CET49886443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:16.586016893 CET49886443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:16.586026907 CET4434988613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:16.605041981 CET4434988313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:16.605562925 CET49883443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:16.605592966 CET4434988313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:16.605952978 CET49883443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:16.605958939 CET4434988313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:16.708337069 CET4434988213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:16.708406925 CET4434988213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:16.708631039 CET49882443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:16.708758116 CET49882443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:16.708780050 CET4434988213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:16.708792925 CET49882443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:16.708800077 CET4434988213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:16.711601019 CET49887443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:16.711652994 CET4434988713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:16.712678909 CET49887443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:16.712898016 CET49887443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:16.712914944 CET4434988713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:16.738768101 CET4434988313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:16.738809109 CET4434988313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:16.738871098 CET49883443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:16.738874912 CET4434988313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:16.739136934 CET49883443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:16.739161968 CET4434988313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:16.739182949 CET49883443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:16.739190102 CET4434988313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:16.741955996 CET49888443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:16.742001057 CET4434988813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:16.742137909 CET49888443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:16.742264032 CET49888443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:16.742280006 CET4434988813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:16.855345964 CET4434988413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:16.855950117 CET49884443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:16.855962992 CET4434988413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:16.856873035 CET49884443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:16.856878042 CET4434988413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:16.990278006 CET4434988413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:16.990489960 CET4434988413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:16.990708113 CET49884443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:16.991245985 CET49884443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:16.991276979 CET4434988413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:16.991292000 CET49884443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:16.991301060 CET4434988413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:16.995556116 CET49889443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:16.995595932 CET4434988913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:16.995704889 CET49889443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:16.995970964 CET49889443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:16.995985985 CET4434988913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:17.210264921 CET4434988513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:17.210884094 CET49885443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:17.210920095 CET4434988513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:17.211400032 CET49885443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:17.211405039 CET4434988513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:17.316602945 CET4434988613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:17.318232059 CET49886443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:17.318260908 CET4434988613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:17.318809986 CET49886443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:17.318820953 CET4434988613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:17.342580080 CET4434988513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:17.342642069 CET4434988513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:17.342750072 CET49885443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:17.343137980 CET49885443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:17.343153954 CET4434988513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:17.343163967 CET49885443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:17.343168974 CET4434988513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:17.346479893 CET49890443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:17.346515894 CET4434989013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:17.346597910 CET49890443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:17.346894979 CET49890443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:17.346915960 CET4434989013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:17.444055080 CET4434988613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:17.444143057 CET4434988613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:17.444200993 CET49886443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:17.444453001 CET49886443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:17.444478035 CET4434988613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:17.444499016 CET49886443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:17.444505930 CET4434988613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:17.447818041 CET49891443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:17.447856903 CET4434989113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:17.447923899 CET49891443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:17.448077917 CET49891443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:17.448091030 CET4434989113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:17.454926968 CET4434988713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:17.455569983 CET49887443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:17.455591917 CET4434988713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:17.456094027 CET49887443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:17.456099033 CET4434988713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:17.463519096 CET4434988813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:17.464380980 CET49888443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:17.464394093 CET4434988813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:17.464857101 CET49888443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:17.464860916 CET4434988813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:17.587105036 CET4434988713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:17.587160110 CET4434988713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:17.587208986 CET4434988713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:17.587213039 CET49887443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:17.587254047 CET49887443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:17.587585926 CET49887443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:17.587606907 CET4434988713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:17.587616920 CET49887443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:17.587624073 CET4434988713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:17.590379000 CET49892443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:17.590423107 CET4434989213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:17.590501070 CET49892443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:17.590647936 CET49892443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:17.590661049 CET4434989213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:17.592842102 CET4434988813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:17.592921019 CET4434988813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:17.592967033 CET49888443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:17.593067884 CET49888443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:17.593082905 CET4434988813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:17.593092918 CET49888443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:17.593096972 CET4434988813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:17.595339060 CET49893443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:17.595386028 CET4434989313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:17.597871065 CET49893443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:17.597968102 CET49893443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:17.597981930 CET4434989313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:17.741755962 CET4434988913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:17.742463112 CET49889443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:17.742487907 CET4434988913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:17.742969036 CET49889443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:17.742974997 CET4434988913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:17.878510952 CET4434988913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:17.878611088 CET4434988913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:17.878828049 CET49889443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:17.879331112 CET49889443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:17.879354954 CET4434988913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:17.879365921 CET49889443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:17.879370928 CET4434988913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:17.882447004 CET49894443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:17.882544994 CET4434989413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:17.882657051 CET49894443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:17.882819891 CET49894443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:17.882854939 CET4434989413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:18.093746901 CET4434989013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:18.094543934 CET49890443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:18.094569921 CET4434989013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:18.095017910 CET49890443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:18.095025063 CET4434989013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:18.183125019 CET4434989113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:18.183655977 CET49891443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:18.183672905 CET4434989113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:18.184159994 CET49891443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:18.184165001 CET4434989113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:18.225888968 CET4434989013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:18.226077080 CET4434989013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:18.226562023 CET49890443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:18.226615906 CET49890443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:18.226634026 CET4434989013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:18.226650953 CET49890443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:18.226656914 CET4434989013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:18.230734110 CET49895443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:18.230777025 CET4434989513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:18.230859041 CET49895443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:18.231045961 CET49895443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:18.231057882 CET4434989513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:18.314244032 CET4434989113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:18.314284086 CET4434989113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:18.314362049 CET4434989113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:18.314363956 CET49891443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:18.314567089 CET49891443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:18.314594030 CET4434989113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:18.314605951 CET49891443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:18.314614058 CET4434989113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:18.314623117 CET49891443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:18.314625978 CET4434989113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:18.318272114 CET49896443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:18.318327904 CET4434989613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:18.318447113 CET49896443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:18.318630934 CET49896443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:18.318646908 CET4434989613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:18.329916000 CET4434989313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:18.330321074 CET49893443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:18.330338955 CET4434989313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:18.330935955 CET49893443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:18.330943108 CET4434989313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:18.365504026 CET4434989213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:18.366110086 CET49892443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:18.366127968 CET4434989213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:18.366569042 CET49892443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:18.366575003 CET4434989213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:18.465496063 CET4434989313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:18.465536118 CET4434989313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:18.465595961 CET4434989313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:18.465601921 CET49893443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:18.465810061 CET49893443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:18.465897083 CET49893443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:18.465920925 CET4434989313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:18.465933084 CET49893443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:18.465939045 CET4434989313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:18.469212055 CET49897443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:18.469270945 CET4434989713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:18.469521046 CET49897443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:18.469669104 CET49897443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:18.469683886 CET4434989713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:18.504508018 CET4434989213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:18.504662037 CET4434989213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:18.504960060 CET49892443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:18.505060911 CET49892443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:18.505086899 CET4434989213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:18.505099058 CET49892443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:18.505105972 CET4434989213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:18.507360935 CET49898443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:18.507464886 CET4434989813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:18.507617950 CET49898443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:18.507783890 CET49898443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:18.507822990 CET4434989813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:18.620327950 CET4434989413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:18.620965004 CET49894443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:18.620979071 CET4434989413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:18.621448994 CET49894443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:18.621454000 CET4434989413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:18.749955893 CET4434989413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:18.750068903 CET4434989413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:18.750139952 CET49894443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:18.750376940 CET49894443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:18.750397921 CET4434989413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:18.750403881 CET49894443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:18.750410080 CET4434989413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:18.753356934 CET49899443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:18.753464937 CET4434989913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:18.753714085 CET49899443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:18.753866911 CET49899443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:18.753887892 CET4434989913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:19.025815010 CET4434989513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:19.026506901 CET49895443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:19.026542902 CET4434989513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:19.027329922 CET49895443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:19.027334929 CET4434989513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:19.051435947 CET4434989613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:19.051943064 CET49896443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:19.051983118 CET4434989613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:19.052603960 CET49896443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:19.052612066 CET4434989613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:19.161839962 CET4434989513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:19.161920071 CET4434989513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:19.162484884 CET49895443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:19.162755966 CET49895443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:19.162781000 CET4434989513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:19.162794113 CET49895443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:19.162800074 CET4434989513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:19.165946960 CET49900443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:19.166002035 CET4434990013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:19.166074038 CET49900443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:19.166233063 CET49900443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:19.166245937 CET4434990013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:19.182677031 CET4434989613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:19.182810068 CET4434989613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:19.183248997 CET49896443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:19.183330059 CET49896443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:19.183346033 CET4434989613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:19.183377981 CET49896443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:19.183383942 CET4434989613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:19.185439110 CET49901443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:19.185482979 CET4434990113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:19.185645103 CET49901443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:19.185766935 CET49901443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:19.185779095 CET4434990113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:19.213543892 CET4434989713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:19.213944912 CET49897443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:19.213984013 CET4434989713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:19.214402914 CET49897443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:19.214409113 CET4434989713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:19.279020071 CET4434989813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:19.280560017 CET49898443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:19.280585051 CET4434989813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:19.281183004 CET49898443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:19.281188965 CET4434989813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:19.345736980 CET4434989713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:19.345808029 CET4434989713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:19.345859051 CET4434989713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:19.345931053 CET49897443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:19.346124887 CET49897443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:19.346151114 CET4434989713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:19.346169949 CET49897443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:19.346178055 CET4434989713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:19.349114895 CET49902443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:19.349169970 CET4434990213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:19.349251032 CET49902443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:19.349422932 CET49902443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:19.349435091 CET4434990213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:19.441013098 CET4434989813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:19.441180944 CET4434989813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:19.441375971 CET49898443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:19.441441059 CET49898443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:19.441441059 CET49898443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:19.441468000 CET4434989813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:19.441478014 CET4434989813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:19.449570894 CET49903443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:19.449632883 CET4434990313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:19.449717999 CET49903443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:19.449867964 CET49903443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:19.449877977 CET4434990313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:19.505817890 CET4434989913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:19.507128954 CET49899443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:19.507220984 CET4434989913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:19.507586956 CET49899443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:19.507605076 CET4434989913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:19.638735056 CET4434989913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:19.638829947 CET4434989913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:19.638919115 CET49899443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:19.639214039 CET49899443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:19.639242887 CET4434989913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:19.639259100 CET49899443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:19.639266014 CET4434989913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:19.644292116 CET49904443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:19.644339085 CET4434990413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:19.644475937 CET49904443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:19.645035982 CET49904443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:19.645049095 CET4434990413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:19.925954103 CET4434990113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:19.926762104 CET49901443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:19.926795006 CET4434990113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:19.927262068 CET49901443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:19.927267075 CET4434990113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:19.927402020 CET4434990013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:19.927901983 CET49900443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:19.927941084 CET4434990013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:19.928620100 CET49900443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:19.928631067 CET4434990013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:20.059555054 CET4434990013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:20.059741020 CET4434990013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:20.059820890 CET49900443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:20.060126066 CET49900443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:20.060148001 CET4434990013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:20.060158968 CET49900443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:20.060164928 CET4434990013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:20.065345049 CET49905443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:20.065392017 CET4434990513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:20.065455914 CET49905443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:20.065748930 CET49905443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:20.065762997 CET4434990513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:20.072819948 CET4434990113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:20.072850943 CET4434990113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:20.072909117 CET49901443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:20.072921038 CET4434990113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:20.073158979 CET49901443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:20.073183060 CET4434990113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:20.073196888 CET49901443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:20.073196888 CET49901443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:20.073204994 CET4434990113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:20.073210955 CET4434990113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:20.075942993 CET49906443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:20.075992107 CET4434990613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:20.076185942 CET49906443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:20.076185942 CET49906443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:20.076217890 CET4434990613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:20.117672920 CET4434990213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:20.118057966 CET49902443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:20.118077993 CET4434990213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:20.118552923 CET49902443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:20.118556976 CET4434990213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:20.429791927 CET4434990213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:20.429863930 CET4434990213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:20.429975033 CET49902443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:20.430186987 CET49902443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:20.430200100 CET4434990213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:20.430213928 CET49902443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:20.430219889 CET4434990213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:20.431369066 CET4434990313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:20.431921959 CET49903443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:20.431952953 CET4434990313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:20.432279110 CET49903443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:20.432286978 CET4434990313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:20.433727026 CET49907443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:20.433768988 CET4434990713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:20.435642004 CET49907443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:20.435839891 CET49907443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:20.435853958 CET4434990713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:20.566478014 CET4434990413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:20.566998959 CET4434990313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:20.567080021 CET49904443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:20.567085981 CET4434990313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:20.567111969 CET4434990413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:20.567140102 CET49903443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:20.567435026 CET49903443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:20.567450047 CET4434990313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:20.567600012 CET49904443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:20.567610025 CET4434990413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:20.570611954 CET49908443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:20.570635080 CET4434990813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:20.572093964 CET49908443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:20.572241068 CET49908443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:20.572251081 CET4434990813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:20.714819908 CET4434990413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:20.714896917 CET4434990413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:20.715125084 CET49904443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:20.715162039 CET49904443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:20.715162039 CET49904443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:20.715179920 CET4434990413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:20.715192080 CET4434990413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:20.717993975 CET49909443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:20.718028069 CET4434990913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:20.718091965 CET49909443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:20.718235016 CET49909443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:20.718250990 CET4434990913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:20.802552938 CET4434990513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:20.803265095 CET49905443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:20.803297997 CET4434990513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:20.803764105 CET49905443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:20.803769112 CET4434990513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:20.821341038 CET4434990613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:20.822000027 CET49906443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:20.822026968 CET4434990613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:20.822411060 CET49906443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:20.822417021 CET4434990613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:20.936976910 CET4434990513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:20.937005043 CET4434990513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:20.937050104 CET4434990513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:20.937083006 CET49905443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:20.937122107 CET49905443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:20.937403917 CET49905443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:20.937426090 CET4434990513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:20.937443018 CET49905443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:20.937448025 CET4434990513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:20.940674067 CET49910443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:20.940711975 CET4434991013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:20.940804005 CET49910443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:20.940941095 CET49910443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:20.940953016 CET4434991013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:20.953876972 CET4434990613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:20.953954935 CET4434990613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:20.954077959 CET49906443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:20.954122066 CET49906443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:20.954122066 CET49906443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:20.954144955 CET4434990613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:20.954157114 CET4434990613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:20.956156969 CET49911443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:20.956198931 CET4434991113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:20.956257105 CET49911443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:20.956373930 CET49911443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:20.956386089 CET4434991113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:21.184391975 CET4434990713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:21.187146902 CET49907443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:21.187171936 CET4434990713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:21.187587023 CET49907443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:21.187594891 CET4434990713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:21.306809902 CET4434990813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:21.307456017 CET49908443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:21.307491064 CET4434990813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:21.308007002 CET49908443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:21.308012962 CET4434990813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:21.313949108 CET4434990713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:21.314029932 CET4434990713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:21.314167023 CET49907443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:21.314382076 CET49907443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:21.314382076 CET49907443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:21.314434052 CET4434990713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:21.314462900 CET4434990713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:21.317945004 CET49912443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:21.317986012 CET4434991213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:21.318264008 CET49912443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:21.318631887 CET49912443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:21.318645954 CET4434991213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:21.439637899 CET4434990813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:21.439713001 CET4434990813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:21.439941883 CET49908443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:21.440026999 CET49908443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:21.440051079 CET4434990813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:21.440067053 CET49908443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:21.440078020 CET4434990813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:21.440608978 CET4434990913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:21.441179037 CET49909443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:21.441191912 CET4434990913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:21.441989899 CET49909443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:21.441994905 CET4434990913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:21.444967985 CET49913443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:21.445003986 CET4434991313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:21.445097923 CET49913443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:21.445239067 CET49913443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:21.445251942 CET4434991313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:21.569116116 CET4434990913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:21.569144964 CET4434990913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:21.569197893 CET4434990913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:21.569220066 CET49909443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:21.569246054 CET49909443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:21.569619894 CET49909443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:21.569633007 CET4434990913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:21.573631048 CET49914443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:21.573676109 CET4434991413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:21.573838949 CET49914443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:21.573986053 CET49914443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:21.573997021 CET4434991413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:21.691833019 CET4434991113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:21.692548037 CET49911443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:21.692574024 CET4434991113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:21.693103075 CET49911443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:21.693108082 CET4434991113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:21.710283041 CET4434991013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:21.710844040 CET49910443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:21.710870981 CET4434991013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:21.711419106 CET49910443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:21.711425066 CET4434991013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:21.821798086 CET4434991113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:21.821867943 CET4434991113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:21.821918964 CET4434991113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:21.821933031 CET49911443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:21.821954012 CET49911443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:21.822302103 CET49911443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:21.822321892 CET4434991113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:21.822331905 CET49911443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:21.822338104 CET4434991113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:21.825323105 CET49915443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:21.825366974 CET4434991513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:21.825438976 CET49915443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:21.825602055 CET49915443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:21.825614929 CET4434991513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:21.849392891 CET4434991013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:21.849616051 CET4434991013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:21.849711895 CET49910443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:21.851106882 CET49910443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:21.851123095 CET4434991013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:21.851134062 CET49910443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:21.851139069 CET4434991013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:21.854336023 CET49916443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:21.854370117 CET4434991613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:21.854438066 CET49916443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:21.854629993 CET49916443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:21.854645967 CET4434991613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:22.169518948 CET4434991313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:22.170085907 CET49913443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:22.170108080 CET4434991313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:22.170573950 CET49913443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:22.170578957 CET4434991313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:22.266952038 CET4434991213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:22.267467022 CET49912443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:22.267481089 CET4434991213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:22.268030882 CET49912443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:22.268040895 CET4434991213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:22.307519913 CET4434991313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:22.307552099 CET4434991313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:22.307606936 CET4434991313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:22.307622910 CET49913443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:22.307665110 CET49913443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:22.307889938 CET49913443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:22.307909012 CET4434991313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:22.307919025 CET49913443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:22.307925940 CET4434991313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:22.309858084 CET4434991413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:22.310215950 CET49914443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:22.310236931 CET4434991413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:22.310663939 CET49914443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:22.310668945 CET4434991413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:22.311345100 CET49917443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:22.311388016 CET4434991713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:22.311530113 CET49917443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:22.311655998 CET49917443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:22.311672926 CET4434991713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:22.401581049 CET4434991213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:22.401870012 CET4434991213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:22.401963949 CET49912443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:22.402013063 CET49912443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:22.402034044 CET4434991213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:22.402045012 CET49912443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:22.402050972 CET4434991213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:22.404797077 CET49918443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:22.404834032 CET4434991813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:22.405086040 CET49918443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:22.405232906 CET49918443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:22.405240059 CET4434991813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:22.442043066 CET4434991413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:22.442116976 CET4434991413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:22.442361116 CET49914443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:22.442495108 CET49914443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:22.442500114 CET4434991413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:22.442509890 CET49914443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:22.442513943 CET4434991413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:22.445480108 CET49919443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:22.445522070 CET4434991913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:22.445729017 CET49919443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:22.445854902 CET49919443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:22.445871115 CET4434991913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:22.569727898 CET4434991513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:22.578286886 CET49915443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:22.578301907 CET4434991513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:22.579277039 CET49915443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:22.579282045 CET4434991513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:22.582561970 CET4434991613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:22.583610058 CET49916443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:22.583642006 CET4434991613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:22.584069967 CET49916443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:22.584074974 CET4434991613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:22.708297968 CET4434991513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:22.708394051 CET4434991513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:22.708451986 CET4434991513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:22.708483934 CET49915443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:22.708506107 CET49915443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:22.709019899 CET49915443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:22.709038973 CET4434991513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:22.709064007 CET49915443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:22.709069014 CET4434991513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:22.711039066 CET4434991613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:22.711112022 CET4434991613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:22.711756945 CET49916443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:22.712080956 CET49916443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:22.712102890 CET4434991613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:22.712114096 CET49916443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:22.712120056 CET4434991613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:22.716378927 CET49920443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:22.716480970 CET4434992013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:22.716568947 CET49920443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:22.716825008 CET49920443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:22.716877937 CET4434992013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:22.717147112 CET49921443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:22.717243910 CET4434992113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:22.717336893 CET49921443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:22.717438936 CET49921443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:22.717477083 CET4434992113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:23.042074919 CET4434991713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:23.042840004 CET49917443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:23.042870045 CET4434991713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:23.043438911 CET49917443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:23.043447971 CET4434991713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:23.135847092 CET4434991813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:23.136482000 CET49918443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:23.136497974 CET4434991813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:23.137099981 CET49918443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:23.137106895 CET4434991813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:23.172496080 CET4434991713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:23.172534943 CET4434991713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:23.172586918 CET4434991713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:23.172617912 CET49917443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:23.172662020 CET49917443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:23.173017025 CET49917443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:23.173038006 CET4434991713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:23.173134089 CET49917443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:23.173142910 CET4434991713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:23.176661968 CET49922443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:23.176757097 CET4434992213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:23.176974058 CET49922443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:23.177109003 CET49922443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:23.177145958 CET4434992213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:23.180425882 CET4434991913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:23.180907011 CET49919443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:23.180924892 CET4434991913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:23.181696892 CET49919443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:23.181704044 CET4434991913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:23.271733046 CET4434991813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:23.271806002 CET4434991813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:23.271888018 CET49918443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:23.272187948 CET49918443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:23.272202015 CET4434991813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:23.272212982 CET49918443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:23.272221088 CET4434991813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:23.276257992 CET49923443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:23.276350975 CET4434992313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:23.276537895 CET49923443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:23.276870966 CET49923443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:23.276910067 CET4434992313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:23.314467907 CET4434991913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:23.314538002 CET4434991913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:23.314661980 CET49919443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:23.314934015 CET49919443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:23.314955950 CET4434991913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:23.314968109 CET49919443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:23.314975977 CET4434991913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:23.318979979 CET49924443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:23.319008112 CET4434992413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:23.319154024 CET49924443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:23.319331884 CET49924443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:23.319345951 CET4434992413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:23.447419882 CET4434992113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:23.448055029 CET49921443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:23.448151112 CET4434992113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:23.448440075 CET49921443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:23.448456049 CET4434992113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:23.481056929 CET4434992013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:23.481400967 CET49920443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:23.481467009 CET4434992013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:23.481806993 CET49920443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:23.481827021 CET4434992013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:23.579133987 CET4434992113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:23.579161882 CET4434992113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:23.579205990 CET4434992113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:23.579699039 CET49921443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:23.579905033 CET49921443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:23.579905033 CET49921443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:23.579952955 CET4434992113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:23.579997063 CET4434992113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:23.583179951 CET49925443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:23.583233118 CET4434992513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:23.583345890 CET49925443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:23.583604097 CET49925443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:23.583619118 CET4434992513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:23.627259970 CET4434992013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:23.627334118 CET4434992013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:23.627652884 CET49920443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:23.627652884 CET49920443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:23.627652884 CET49920443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:23.630661964 CET49926443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:23.630701065 CET4434992613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:23.630778074 CET49926443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:23.630923033 CET49926443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:23.630938053 CET4434992613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:23.941562891 CET49920443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:23.941638947 CET4434992013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:24.042871952 CET4434992413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:24.044481039 CET49924443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:24.044508934 CET4434992413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:24.045268059 CET49924443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:24.045274019 CET4434992413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:24.071034908 CET4434992313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:24.072341919 CET49923443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:24.072405100 CET4434992313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:24.072947979 CET49923443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:24.072963953 CET4434992313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:24.171190977 CET4434992413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:24.171269894 CET4434992413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:24.171638012 CET49924443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:24.171746969 CET49924443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:24.171767950 CET4434992413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:24.171780109 CET49924443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:24.171785116 CET4434992413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:24.175538063 CET49927443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:24.175584078 CET4434992713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:24.175638914 CET49927443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:24.175791025 CET49927443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:24.175800085 CET4434992713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:24.208044052 CET4434992313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:24.208093882 CET4434992313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:24.208159924 CET49923443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:24.208221912 CET4434992313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:24.208252907 CET4434992313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:24.208363056 CET49923443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:24.208673000 CET49923443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:24.208673000 CET49923443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:24.208714962 CET4434992313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:24.208722115 CET4434992313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:24.212229013 CET49928443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:24.212281942 CET4434992813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:24.212481022 CET49928443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:24.212798119 CET49928443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:24.212814093 CET4434992813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:24.260242939 CET4434992213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:24.260804892 CET49922443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:24.260881901 CET4434992213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:24.261689901 CET49922443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:24.261707067 CET4434992213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:24.333604097 CET4434992513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:24.334523916 CET49925443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:24.334554911 CET4434992513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:24.335185051 CET49925443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:24.335191011 CET4434992513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:24.371598005 CET4434992613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:24.372222900 CET49926443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:24.372255087 CET4434992613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:24.373102903 CET49926443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:24.373107910 CET4434992613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:24.389645100 CET4434992213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:24.389724970 CET4434992213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:24.389830112 CET49922443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:24.390288115 CET49922443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:24.390346050 CET4434992213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:24.390377998 CET49922443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:24.390394926 CET4434992213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:24.395292997 CET49929443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:24.395349979 CET4434992913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:24.395479918 CET49929443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:24.395886898 CET49929443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:24.395903111 CET4434992913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:24.468024015 CET4434992513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:24.468080044 CET4434992513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:24.468156099 CET49925443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:24.468373060 CET49925443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:24.468398094 CET4434992513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:24.468408108 CET49925443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:24.468414068 CET4434992513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:24.473467112 CET49930443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:24.473509073 CET4434993013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:24.473586082 CET49930443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:24.474160910 CET49930443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:24.474179029 CET4434993013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:24.503046989 CET4434992613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:24.503109932 CET4434992613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:24.503180981 CET49926443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:24.503386974 CET49926443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:24.503401995 CET4434992613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:24.503411055 CET49926443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:24.503416061 CET4434992613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:24.507476091 CET49931443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:24.507540941 CET4434993113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:24.507622957 CET49931443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:24.507782936 CET49931443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:24.507797956 CET4434993113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:24.906810045 CET4434992713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:24.907458067 CET49927443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:24.907475948 CET4434992713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:24.907960892 CET49927443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:24.907965899 CET4434992713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:24.943552017 CET4434992813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:24.946301937 CET49928443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:24.946327925 CET4434992813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:24.946810007 CET49928443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:24.946815968 CET4434992813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:25.038928986 CET4434992713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:25.038964987 CET4434992713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:25.039014101 CET4434992713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:25.039028883 CET49927443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:25.039074898 CET49927443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:25.039300919 CET49927443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:25.039300919 CET49927443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:25.039319992 CET4434992713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:25.039329052 CET4434992713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:25.042634010 CET49932443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:25.042676926 CET4434993213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:25.042815924 CET49932443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:25.042973995 CET49932443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:25.042988062 CET4434993213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:25.079479933 CET4434992813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:25.079561949 CET4434992813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:25.079828024 CET49928443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:25.079874992 CET49928443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:25.079874992 CET49928443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:25.079899073 CET4434992813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:25.079914093 CET4434992813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:25.083338976 CET49933443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:25.083393097 CET4434993313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:25.083461046 CET49933443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:25.083635092 CET49933443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:25.083653927 CET4434993313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:25.136025906 CET4434992913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:25.136691093 CET49929443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:25.136730909 CET4434992913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:25.137187958 CET49929443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:25.137198925 CET4434992913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:25.220864058 CET4434993013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:25.221492052 CET49930443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:25.221534967 CET4434993013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:25.221992970 CET49930443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:25.222007990 CET4434993013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:25.248291969 CET4434993113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:25.249001980 CET49931443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:25.249037981 CET4434993113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:25.249438047 CET49931443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:25.249447107 CET4434993113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:25.268145084 CET4434992913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:25.268176079 CET4434992913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:25.268234968 CET4434992913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:25.268289089 CET49929443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:25.268338919 CET49929443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:25.268668890 CET49929443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:25.268693924 CET4434992913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:25.268712997 CET49929443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:25.268718958 CET4434992913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:25.272142887 CET49934443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:25.272191048 CET4434993413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:25.272289991 CET49934443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:25.272489071 CET49934443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:25.272502899 CET4434993413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:25.356357098 CET4434993013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:25.356472969 CET4434993013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:25.356626034 CET49930443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:25.356724024 CET49930443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:25.356749058 CET4434993013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:25.356767893 CET49930443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:25.356775999 CET4434993013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:25.361615896 CET49935443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:25.361661911 CET4434993513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:25.361795902 CET49935443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:25.361943960 CET49935443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:25.361953974 CET4434993513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:25.383383036 CET4434993113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:25.383464098 CET4434993113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:25.384104013 CET49931443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:25.384157896 CET49931443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:25.384179115 CET4434993113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:25.384191036 CET49931443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:25.384198904 CET4434993113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:25.387835979 CET49936443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:25.387876987 CET4434993613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:25.387954950 CET49936443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:25.388118029 CET49936443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:25.388127089 CET4434993613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:25.799770117 CET4434993213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:25.800656080 CET49932443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:25.800681114 CET4434993213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:25.801352024 CET49932443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:25.801362038 CET4434993213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:25.823128939 CET4434993313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:25.823669910 CET49933443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:25.823690891 CET4434993313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:25.824210882 CET49933443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:25.824218035 CET4434993313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:25.931127071 CET4434993213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:25.931215048 CET4434993213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:25.931282043 CET49932443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:25.931513071 CET49932443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:25.931533098 CET4434993213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:25.931555986 CET49932443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:25.931561947 CET4434993213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:25.935080051 CET49937443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:25.935136080 CET4434993713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:25.935873985 CET49937443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:25.936078072 CET49937443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:25.936101913 CET4434993713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:25.958453894 CET4434993313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:25.958511114 CET4434993313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:25.958583117 CET49933443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:25.960911989 CET49933443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:25.960931063 CET4434993313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:25.960943937 CET49933443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:25.960949898 CET4434993313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:25.964009047 CET49938443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:25.964055061 CET4434993813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:25.965727091 CET49938443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:25.970352888 CET49938443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:25.970372915 CET4434993813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:26.105149984 CET4434993513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:26.110786915 CET4434993613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:26.116638899 CET49935443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:26.116656065 CET4434993513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:26.117208958 CET49935443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:26.117214918 CET4434993513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:26.118313074 CET49936443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:26.118344069 CET4434993613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:26.119105101 CET49936443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:26.119116068 CET4434993613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:26.238325119 CET4434993413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:26.238974094 CET49934443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:26.239001989 CET4434993413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:26.240233898 CET49934443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:26.240252018 CET4434993413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:26.244277000 CET4434993613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:26.244355917 CET4434993613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:26.244435072 CET49936443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:26.244657993 CET49936443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:26.244678974 CET4434993613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:26.244693041 CET49936443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:26.244699001 CET4434993613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:26.247015953 CET4434993513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:26.247092009 CET4434993513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:26.247175932 CET49935443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:26.247473001 CET49939443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:26.247514009 CET4434993913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:26.247539997 CET49935443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:26.247555017 CET4434993513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:26.247572899 CET49939443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:26.247750998 CET49939443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:26.247767925 CET4434993913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:26.249558926 CET49940443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:26.249587059 CET4434994013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:26.249752998 CET49940443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:26.249885082 CET49940443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:26.249895096 CET4434994013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:26.368587017 CET4434993413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:26.368664026 CET4434993413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:26.368968964 CET49934443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:26.369016886 CET49934443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:26.369016886 CET49934443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:26.369038105 CET4434993413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:26.369050026 CET4434993413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:26.372281075 CET49941443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:26.372306108 CET4434994113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:26.372392893 CET49941443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:26.372555971 CET49941443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:26.372566938 CET4434994113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:26.689054012 CET4434993713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:26.690185070 CET49937443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:26.690217972 CET4434993713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:26.690691948 CET49937443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:26.690699100 CET4434993713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:26.694219112 CET4434993813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:26.694608927 CET49938443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:26.694633961 CET4434993813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:26.694988966 CET49938443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:26.694994926 CET4434993813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:26.822844982 CET4434993813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:26.822923899 CET4434993813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:26.823115110 CET49938443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:26.823292017 CET49938443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:26.823306084 CET4434993813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:26.823327065 CET49938443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:26.823332071 CET4434993813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:26.825428963 CET4434993713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:26.825453997 CET4434993713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:26.825496912 CET4434993713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:26.825536966 CET49937443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:26.825561047 CET49937443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:26.825654984 CET49937443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:26.825671911 CET4434993713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:26.825680971 CET49937443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:26.825685024 CET4434993713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:26.826706886 CET49942443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:26.826735973 CET4434994213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:26.826812029 CET49942443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:26.827393055 CET49942443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:26.827409983 CET4434994213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:26.828442097 CET49943443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:26.828465939 CET4434994313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:26.828533888 CET49943443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:26.828665972 CET49943443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:26.828676939 CET4434994313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:26.978244066 CET4434993913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:26.979119062 CET49939443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:26.979141951 CET4434993913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:26.979753017 CET49939443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:26.979757071 CET4434993913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:26.991015911 CET4434994013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:26.992003918 CET49940443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:26.992022038 CET4434994013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:26.992624044 CET49940443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:26.992630005 CET4434994013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:27.108238935 CET4434993913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:27.108371019 CET4434993913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:27.109927893 CET49939443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:27.110194921 CET49939443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:27.110213041 CET4434993913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:27.110222101 CET49939443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:27.110229015 CET4434993913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:27.112638950 CET4434994113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:27.113641024 CET49944443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:27.113693953 CET4434994413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:27.113756895 CET49944443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:27.114042044 CET49941443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:27.114062071 CET4434994113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:27.114902020 CET49941443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:27.114907980 CET4434994113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:27.116091013 CET49944443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:27.116112947 CET4434994413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:27.124212980 CET4434994013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:27.124285936 CET4434994013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:27.124351978 CET49940443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:27.124540091 CET49940443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:27.124564886 CET4434994013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:27.124783993 CET49940443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:27.124792099 CET4434994013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:27.127883911 CET49945443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:27.127934933 CET4434994513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:27.128163099 CET49945443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:27.128463030 CET49945443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:27.128484964 CET4434994513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:27.252063036 CET4434994113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:27.252110958 CET4434994113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:27.252281904 CET4434994113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:27.252363920 CET49941443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:27.252460957 CET49941443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:27.252477884 CET4434994113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:27.252489090 CET49941443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:27.252494097 CET4434994113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:27.255995035 CET49946443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:27.256042004 CET4434994613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:27.256134987 CET49946443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:27.256628990 CET49946443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:27.256649017 CET4434994613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:27.562138081 CET4434994313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:27.562813997 CET49943443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:27.562840939 CET4434994313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:27.563368082 CET49943443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:27.563375950 CET4434994313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:27.601659060 CET4434994213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:27.603118896 CET49942443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:27.603135109 CET4434994213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:27.603691101 CET49942443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:27.603696108 CET4434994213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:27.692305088 CET4434994313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:27.692337990 CET4434994313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:27.692392111 CET4434994313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:27.692414045 CET49943443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:27.692435980 CET49943443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:27.693419933 CET49943443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:27.693439007 CET4434994313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:27.693449974 CET49943443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:27.693454981 CET4434994313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:27.697185993 CET49947443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:27.697282076 CET4434994713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:27.698000908 CET49947443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:27.700598955 CET49947443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:27.700638056 CET4434994713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:27.740679979 CET4434994213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:27.740715981 CET4434994213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:27.740767002 CET4434994213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:27.740796089 CET49942443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:27.740829945 CET49942443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:27.741106987 CET49942443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:27.741132021 CET4434994213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:27.741142988 CET49942443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:27.741148949 CET4434994213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:27.744307995 CET49948443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:27.744354010 CET4434994813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:27.744441986 CET49948443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:27.744607925 CET49948443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:27.744622946 CET4434994813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:27.847897053 CET4434994413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:27.848618031 CET49944443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:27.848651886 CET4434994413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:27.849117994 CET49944443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:27.849126101 CET4434994413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:27.939593077 CET4434994513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:27.940253973 CET49945443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:27.940304041 CET4434994513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:27.940718889 CET49945443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:27.940737009 CET4434994513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:27.978111982 CET4434994413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:27.978177071 CET4434994413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:27.978431940 CET49944443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:27.978521109 CET49944443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:27.978521109 CET49944443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:27.978565931 CET4434994413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:27.978600025 CET4434994413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:27.981383085 CET49949443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:27.981426001 CET4434994913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:27.981519938 CET49949443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:27.981647968 CET49949443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:27.981658936 CET4434994913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:27.992871046 CET4434994613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:27.993442059 CET49946443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:27.993484974 CET4434994613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:27.993916988 CET49946443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:27.993928909 CET4434994613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.073551893 CET4434994513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.073582888 CET4434994513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.073642969 CET4434994513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.073645115 CET49945443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:28.073735952 CET49945443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:28.074526072 CET49945443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:28.074553013 CET4434994513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.074798107 CET49945443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:28.074810982 CET4434994513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.077943087 CET49950443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:28.077991009 CET4434995013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.078203917 CET49950443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:28.078349113 CET49950443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:28.078356981 CET4434995013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.123131037 CET4434994613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.123197079 CET4434994613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.123297930 CET49946443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:28.124721050 CET49946443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:28.124721050 CET49946443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:28.124763966 CET4434994613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.124789953 CET4434994613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.130125046 CET49951443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:28.130170107 CET4434995113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.130330086 CET49951443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:28.131841898 CET49951443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:28.131858110 CET4434995113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.438930988 CET4434994713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.440715075 CET49947443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:28.440777063 CET4434994713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.441210032 CET49947443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:28.441242933 CET4434994713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.474922895 CET4434994813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.475543022 CET49948443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:28.475570917 CET4434994813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.476396084 CET49948443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:28.476402044 CET4434994813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.570009947 CET4434994713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.570035934 CET4434994713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.570102930 CET4434994713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.570112944 CET49947443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:28.570153952 CET49947443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:28.570324898 CET49947443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:28.570324898 CET49947443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:28.570353985 CET4434994713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.570378065 CET4434994713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.573926926 CET49952443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:28.573971033 CET4434995213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.574054956 CET49952443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:28.574213982 CET49952443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:28.574227095 CET4434995213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.606134892 CET4434994813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.606246948 CET4434994813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.606290102 CET4434994813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.606308937 CET49948443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:28.606339931 CET49948443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:28.606540918 CET49948443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:28.606574059 CET4434994813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.606586933 CET49948443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:28.606594086 CET4434994813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.609998941 CET49953443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:28.610024929 CET4434995313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.610104084 CET49953443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:28.610261917 CET49953443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:28.610274076 CET4434995313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.726394892 CET4434994913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.726871014 CET49949443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:28.726895094 CET4434994913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.727493048 CET49949443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:28.727499008 CET4434994913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.848618984 CET4434995013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.849608898 CET49950443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:28.849644899 CET4434995013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.850907087 CET49950443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:28.850914001 CET4434995013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.858972073 CET4434995113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.859453917 CET4434994913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.859488010 CET4434994913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.859539032 CET4434994913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.859539032 CET49949443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:28.859663010 CET49951443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:28.859682083 CET4434995113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.859690905 CET49949443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:28.860337973 CET49951443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:28.860342979 CET4434995113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.860517025 CET49949443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:28.860529900 CET4434994913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.860541105 CET49949443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:28.860546112 CET4434994913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.864396095 CET49954443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:28.864432096 CET4434995413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.864512920 CET49954443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:28.864691973 CET49954443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:28.864706039 CET4434995413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.987178087 CET4434995013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.987255096 CET4434995013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.987332106 CET49950443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:28.987571001 CET49950443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:28.987597942 CET4434995013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.987612009 CET49950443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:28.987626076 CET4434995013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.988012075 CET4434995113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.988323927 CET4434995113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.988393068 CET49951443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:28.988454103 CET49951443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:28.988476038 CET4434995113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.988488913 CET49951443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:28.988496065 CET4434995113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.992914915 CET49956443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:28.992928028 CET49955443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:28.992952108 CET4434995613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.992979050 CET4434995513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.993060112 CET49956443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:28.993171930 CET49955443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:28.993175983 CET49956443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:28.993187904 CET4434995613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:28.993429899 CET49955443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:28.993453026 CET4434995513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:29.332104921 CET4434995213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:29.332834005 CET49952443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:29.332853079 CET4434995213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:29.333432913 CET49952443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:29.333440065 CET4434995213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:29.382261038 CET4434995313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:29.382976055 CET49953443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:29.382996082 CET4434995313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:29.383464098 CET49953443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:29.383471012 CET4434995313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:29.467293978 CET4434995213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:29.467369080 CET4434995213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:29.467453003 CET49952443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:29.467746019 CET49952443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:29.467746019 CET49952443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:29.467763901 CET4434995213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:29.467772961 CET4434995213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:29.471782923 CET49957443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:29.471817970 CET4434995713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:29.471901894 CET49957443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:29.472064972 CET49957443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:29.472076893 CET4434995713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:29.515033960 CET4434995313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:29.515059948 CET4434995313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:29.515101910 CET4434995313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:29.515131950 CET49953443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:29.515178919 CET49953443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:29.515450001 CET49953443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:29.515467882 CET4434995313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:29.515480042 CET49953443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:29.515485048 CET4434995313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:29.518810034 CET49958443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:29.518857002 CET4434995813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:29.518958092 CET49958443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:29.519134045 CET49958443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:29.519145012 CET4434995813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:29.595446110 CET4434995413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:29.600106955 CET49954443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:29.600125074 CET4434995413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:29.600606918 CET49954443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:29.600611925 CET4434995413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:29.714396000 CET4434995613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:29.715090036 CET49956443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:29.715106010 CET4434995613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:29.715477943 CET49956443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:29.715483904 CET4434995613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:29.725137949 CET4434995513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:29.726094007 CET49955443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:29.726111889 CET4434995513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:29.726794958 CET49955443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:29.726803064 CET4434995513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:29.727389097 CET4434995413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:29.727488995 CET4434995413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:29.728024006 CET49954443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:29.728060961 CET49954443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:29.728086948 CET4434995413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:29.728096008 CET49954443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:29.728101969 CET4434995413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:29.731007099 CET49959443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:29.731034994 CET4434995913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:29.731144905 CET49959443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:29.731431961 CET49959443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:29.731445074 CET4434995913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:29.843750000 CET4434995613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:29.844029903 CET4434995613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:29.844257116 CET49956443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:29.844541073 CET49956443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:29.844558954 CET4434995613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:29.844568014 CET49956443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:29.844574928 CET4434995613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:29.847676992 CET49960443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:29.847752094 CET4434996013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:29.848056078 CET49960443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:29.848582983 CET49960443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:29.848622084 CET4434996013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:29.864586115 CET4434995513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:29.864617109 CET4434995513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:29.864664078 CET4434995513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:29.864677906 CET49955443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:29.864711046 CET49955443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:29.864881992 CET49955443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:29.864898920 CET4434995513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:29.864908934 CET49955443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:29.864913940 CET4434995513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:29.868290901 CET49961443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:29.868346930 CET4434996113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:29.868454933 CET49961443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:29.868629932 CET49961443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:29.868659973 CET4434996113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:30.216123104 CET4434995713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:30.255742073 CET49957443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:30.269285917 CET4434995813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:30.292258024 CET49957443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:30.292278051 CET4434995713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:30.296135902 CET49957443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:30.296139956 CET4434995713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:30.316406965 CET49958443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:30.316445112 CET4434995813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:30.317222118 CET49958443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:30.317234993 CET4434995813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:30.430450916 CET4434995713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:30.430660963 CET4434995713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:30.430708885 CET49957443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:30.430721998 CET4434995713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:30.430769920 CET49957443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:30.431014061 CET49957443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:30.431032896 CET4434995713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:30.431044102 CET49957443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:30.431050062 CET4434995713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:30.436511993 CET49962443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:30.436587095 CET4434996213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:30.436666012 CET49962443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:30.436829090 CET49962443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:30.436850071 CET4434996213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:30.446455956 CET4434995813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:30.446520090 CET4434995813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:30.446569920 CET49958443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:30.446856022 CET49958443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:30.446876049 CET4434995813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:30.446890116 CET49958443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:30.446894884 CET4434995813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:30.449769020 CET49963443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:30.449861050 CET4434996313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:30.449945927 CET49963443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:30.450095892 CET49963443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:30.450133085 CET4434996313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:30.504524946 CET4434995913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:30.511461973 CET49959443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:30.511482954 CET4434995913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:30.512223959 CET49959443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:30.512229919 CET4434995913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:30.613488913 CET4434996113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:30.614049911 CET49961443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:30.614084005 CET4434996113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:30.614619970 CET49961443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:30.614634037 CET4434996113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:30.618107080 CET4434996013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:30.620050907 CET49960443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:30.620083094 CET4434996013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:30.620714903 CET49960443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:30.620728970 CET4434996013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:30.646626949 CET4434995913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:30.646734953 CET4434995913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:30.646790028 CET49959443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:30.650847912 CET49959443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:30.650872946 CET4434995913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:30.650882959 CET49959443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:30.650890112 CET4434995913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:30.655630112 CET49964443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:30.655678034 CET4434996413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:30.655745029 CET49964443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:30.656101942 CET49964443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:30.656120062 CET4434996413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:30.745524883 CET4434996113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:30.745628119 CET4434996113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:30.745697021 CET49961443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:30.748564005 CET49961443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:30.748611927 CET4434996113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:30.748642921 CET49961443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:30.748661041 CET4434996113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:30.752994061 CET49965443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:30.753022909 CET4434996513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:30.753091097 CET49965443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:30.753236055 CET49965443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:30.753247023 CET4434996513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:30.771816015 CET4434996013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:30.773567915 CET4434996013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:30.773642063 CET49960443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:30.776375055 CET49960443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:30.776407003 CET4434996013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:30.776436090 CET49960443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:30.776453018 CET4434996013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:30.812796116 CET49966443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:30.812860966 CET4434996613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:30.812926054 CET49966443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:30.813148975 CET49966443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:30.813163042 CET4434996613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:31.172395945 CET4434996213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:31.173034906 CET49962443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:31.173083067 CET4434996213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:31.173546076 CET49962443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:31.173561096 CET4434996213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:31.202070951 CET4434996313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:31.202703953 CET49963443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:31.202773094 CET4434996313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:31.203185081 CET49963443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:31.203200102 CET4434996313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:31.337236881 CET4434996313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:31.337268114 CET4434996313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:31.337313890 CET4434996313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:31.337376118 CET49963443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:31.337419987 CET49963443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:31.338973999 CET49963443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:31.339008093 CET4434996313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:31.339046001 CET49963443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:31.339061975 CET4434996313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:31.342257977 CET49967443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:31.342293024 CET4434996713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:31.342372894 CET49967443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:31.342586994 CET49967443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:31.342602968 CET4434996713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:31.346892118 CET4434996213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:31.346975088 CET4434996213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:31.347055912 CET49962443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:31.347244024 CET49962443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:31.347244978 CET49962443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:31.347279072 CET4434996213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:31.347304106 CET4434996213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:31.354413986 CET49968443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:31.354469061 CET4434996813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:31.354547024 CET49968443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:31.354780912 CET49968443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:31.354808092 CET4434996813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:31.388875008 CET4434996413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:31.392245054 CET49964443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:31.392280102 CET4434996413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:31.392769098 CET49964443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:31.392776012 CET4434996413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:31.478251934 CET4434996513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:31.494261026 CET49965443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:31.494286060 CET4434996513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:31.494849920 CET49965443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:31.494856119 CET4434996513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:31.519718885 CET4434996413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:31.519789934 CET4434996413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:31.519891024 CET49964443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:31.520178080 CET49964443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:31.520198107 CET4434996413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:31.520210028 CET49964443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:31.520215988 CET4434996413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:31.523497105 CET49969443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:31.523545980 CET4434996913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:31.523632050 CET49969443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:31.523838997 CET49969443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:31.523859024 CET4434996913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:31.582727909 CET4434996613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:31.583641052 CET49966443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:31.583662987 CET4434996613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:31.584449053 CET49966443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:31.584453106 CET4434996613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:31.618747950 CET4434996513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:31.618792057 CET4434996513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:31.618839979 CET49965443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:31.618860006 CET4434996513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:31.618874073 CET4434996513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:31.618915081 CET49965443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:31.619252920 CET49965443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:31.619265079 CET4434996513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:31.619292021 CET49965443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:31.619296074 CET4434996513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:31.624814034 CET49970443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:31.624907017 CET4434997013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:31.625017881 CET49970443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:31.625633955 CET49970443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:31.625674963 CET4434997013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:31.715075016 CET4434996613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:31.715194941 CET4434996613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:31.715248108 CET49966443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:31.716046095 CET49966443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:31.716062069 CET4434996613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:31.716072083 CET49966443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:31.716078043 CET4434996613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:31.724215984 CET49971443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:31.724261999 CET4434997113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:31.724327087 CET49971443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:31.725727081 CET49971443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:31.725766897 CET4434997113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:32.062778950 CET4434996713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:32.064311981 CET49967443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:32.064332962 CET4434996713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:32.064925909 CET49967443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:32.064929962 CET4434996713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:32.088748932 CET4434996813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:32.089654922 CET49968443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:32.089710951 CET4434996813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:32.090517998 CET49968443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:32.090532064 CET4434996813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:32.193557024 CET4434996713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:32.193583012 CET4434996713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:32.193628073 CET4434996713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:32.193646908 CET49967443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:32.193691969 CET49967443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:32.194678068 CET49967443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:32.194690943 CET4434996713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:32.200647116 CET49972443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:32.200666904 CET4434997213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:32.200722933 CET49972443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:32.201128960 CET49972443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:32.201143026 CET4434997213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:32.223634958 CET4434996813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:32.223731041 CET4434996813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:32.223803043 CET49968443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:32.225188017 CET49968443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:32.225188017 CET49968443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:32.225224018 CET4434996813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:32.225245953 CET4434996813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:32.229209900 CET49973443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:32.229262114 CET4434997313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:32.229440928 CET49973443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:32.230005026 CET49973443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:32.230015039 CET4434997313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:32.242537975 CET4434996913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:32.244234085 CET49969443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:32.244287968 CET4434996913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:32.244880915 CET49969443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:32.244895935 CET4434996913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:32.357884884 CET4434997013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:32.376442909 CET49970443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:32.376538038 CET4434997013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:32.377402067 CET49970443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:32.377418995 CET4434997013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:32.386936903 CET4434996913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:32.386972904 CET4434996913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:32.387037039 CET4434996913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:32.387058973 CET49969443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:32.387095928 CET49969443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:32.387327909 CET49969443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:32.387351036 CET4434996913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:32.387371063 CET49969443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:32.387377977 CET4434996913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:32.390732050 CET49974443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:32.390762091 CET4434997413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:32.390842915 CET49974443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:32.391438961 CET49974443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:32.391453981 CET4434997413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:32.456120968 CET4434997113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:32.460681915 CET49971443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:32.460711956 CET4434997113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:32.461895943 CET49971443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:32.461901903 CET4434997113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:32.504116058 CET4434997013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:32.504194975 CET4434997013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:32.504288912 CET49970443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:32.517241955 CET49970443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:32.517241955 CET49970443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:32.517286062 CET4434997013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:32.517330885 CET4434997013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:32.522495985 CET49975443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:32.522542953 CET4434997513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:32.522624016 CET49975443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:32.523873091 CET49975443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:32.523885965 CET4434997513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:32.591386080 CET4434997113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:32.591409922 CET4434997113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:32.591506004 CET4434997113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:32.591727018 CET49971443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:32.601728916 CET49971443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:32.601728916 CET49971443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:32.601773977 CET4434997113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:32.601803064 CET4434997113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:32.605707884 CET49976443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:32.605731010 CET4434997613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:32.605813026 CET49976443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:32.606240988 CET49976443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:32.606255054 CET4434997613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:32.958204985 CET4434997313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:32.960460901 CET49973443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:32.960478067 CET4434997313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:32.961178064 CET49973443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:32.961183071 CET4434997313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:33.089819908 CET4434997313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:33.089906931 CET4434997313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:33.089984894 CET49973443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:33.090017080 CET4434997313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:33.090090990 CET4434997313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:33.090248108 CET49973443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:33.090467930 CET49973443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:33.090467930 CET49973443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:33.090500116 CET4434997313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:33.090523005 CET4434997313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:33.093377113 CET49977443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:33.093420982 CET4434997713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:33.093489885 CET49977443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:33.093837976 CET49977443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:33.093851089 CET4434997713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:33.120060921 CET4434997413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:33.124190092 CET49974443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:33.124207020 CET4434997413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:33.124700069 CET49974443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:33.124703884 CET4434997413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:33.137211084 CET4434997213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:33.137727022 CET49972443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:33.137736082 CET4434997213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:33.138173103 CET49972443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:33.138175964 CET4434997213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:33.255136967 CET4434997513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:33.256083012 CET49975443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:33.256131887 CET4434997513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:33.256711960 CET49975443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:33.256726027 CET4434997513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:33.267076969 CET4434997413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:33.267354012 CET4434997413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:33.267410040 CET49974443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:33.267520905 CET49974443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:33.267537117 CET49974443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:33.267538071 CET4434997413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:33.267541885 CET4434997413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:33.271763086 CET49978443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:33.271786928 CET4434997813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:33.271893978 CET49978443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:33.273210049 CET49978443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:33.273221016 CET4434997813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:33.330286980 CET4434997213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:33.330311060 CET4434997213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:33.330359936 CET4434997213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:33.330359936 CET49972443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:33.330410957 CET49972443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:33.330883026 CET49972443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:33.330889940 CET4434997213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:33.330899000 CET49972443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:33.330903053 CET4434997213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:33.334244967 CET49979443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:33.334291935 CET4434997913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:33.334408045 CET49979443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:33.335057020 CET49979443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:33.335068941 CET4434997913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:33.346879959 CET4434997613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:33.347461939 CET49976443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:33.347470999 CET4434997613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:33.348757982 CET49976443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:33.348763943 CET4434997613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:33.384012938 CET4434997513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:33.384059906 CET4434997513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:33.384107113 CET4434997513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:33.384114027 CET49975443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:33.384169102 CET49975443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:33.384885073 CET49975443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:33.384921074 CET4434997513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:33.384948969 CET49975443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:33.384963989 CET4434997513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:33.396548986 CET49980443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:33.396581888 CET4434998013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:33.396641016 CET49980443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:33.399970055 CET49980443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:33.399983883 CET4434998013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:33.478163958 CET4434997613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:33.478327036 CET4434997613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:33.478393078 CET49976443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:33.478774071 CET49976443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:33.478780985 CET4434997613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:33.478794098 CET49976443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:33.478799105 CET4434997613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:33.484147072 CET49981443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:33.484174967 CET4434998113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:33.484234095 CET49981443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:33.484705925 CET49981443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:33.484718084 CET4434998113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:33.823853016 CET4434997713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:33.826473951 CET49977443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:33.826488018 CET4434997713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:33.827126026 CET49977443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:33.827131987 CET4434997713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:33.954092026 CET4434997713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:33.954121113 CET4434997713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:33.954169035 CET4434997713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:33.954204082 CET49977443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:33.954241991 CET49977443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:33.954843044 CET49977443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:33.954859972 CET4434997713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:33.955027103 CET49977443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:33.955033064 CET4434997713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:33.958919048 CET49982443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:33.958946943 CET4434998213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:33.959135056 CET49982443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:33.959520102 CET49982443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:33.959536076 CET4434998213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:34.028714895 CET4434997813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:34.030594110 CET49978443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:34.030601978 CET4434997813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:34.031121969 CET49978443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:34.031126976 CET4434997813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:34.068344116 CET4434997913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:34.068905115 CET49979443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:34.068939924 CET4434997913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:34.069469929 CET49979443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:34.069477081 CET4434997913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:34.151413918 CET4434998013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:34.152195930 CET49980443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:34.152220011 CET4434998013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:34.152801991 CET49980443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:34.152810097 CET4434998013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:34.168241978 CET4434997813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:34.168427944 CET4434997813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:34.168510914 CET49978443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:34.168677092 CET49978443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:34.168685913 CET4434997813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:34.168754101 CET49978443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:34.168759108 CET4434997813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:34.173389912 CET49983443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:34.173434973 CET4434998313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:34.173501968 CET49983443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:34.173921108 CET49983443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:34.173943043 CET4434998313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:34.198494911 CET4434997913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:34.198514938 CET4434997913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:34.198549032 CET4434997913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:34.198568106 CET49979443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:34.198621988 CET49979443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:34.198999882 CET49979443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:34.199019909 CET4434997913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:34.203437090 CET49984443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:34.203464985 CET4434998413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:34.203536987 CET49984443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:34.203927994 CET49984443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:34.203936100 CET4434998413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:34.237174034 CET4434998113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:34.237855911 CET49981443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:34.237871885 CET4434998113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:34.238373041 CET49981443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:34.238377094 CET4434998113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:34.307759047 CET4434998013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:34.307833910 CET4434998013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:34.307895899 CET49980443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:34.308382988 CET49980443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:34.308393002 CET4434998013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:34.308408022 CET49980443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:34.308412075 CET4434998013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:34.312316895 CET49985443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:34.312333107 CET4434998513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:34.312428951 CET49985443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:34.312763929 CET49985443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:34.312777042 CET4434998513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:34.368355036 CET4434998113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:34.368427992 CET4434998113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:34.368484020 CET49981443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:34.368494987 CET4434998113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:34.368545055 CET4434998113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:34.368588924 CET49981443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:34.368828058 CET49981443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:34.368840933 CET4434998113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:34.368871927 CET49981443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:34.368877888 CET4434998113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:34.372633934 CET49986443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:34.372653961 CET4434998613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:34.372715950 CET49986443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:34.373008966 CET49986443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:34.373018980 CET4434998613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:34.716001987 CET4434998213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:34.719149113 CET49982443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:34.719150066 CET49982443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:34.719172001 CET4434998213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:34.719176054 CET4434998213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:34.849400043 CET4434998213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:34.849477053 CET4434998213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:34.849606991 CET49982443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:34.850009918 CET49982443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:34.850009918 CET49982443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:34.850024939 CET4434998213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:34.850033998 CET4434998213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:34.855001926 CET49987443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:34.855026960 CET4434998713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:34.855166912 CET49987443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:34.855427027 CET49987443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:34.855443001 CET4434998713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:34.903467894 CET4434998313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:34.904531956 CET49983443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:34.904531956 CET49983443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:34.904548883 CET4434998313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:34.904566050 CET4434998313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:34.924748898 CET4434998413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:34.928034067 CET49984443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:34.928049088 CET4434998413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:34.928469896 CET49984443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:34.928488970 CET4434998413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.033149004 CET4434998313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.033195019 CET4434998313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.034187078 CET49983443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:35.034820080 CET49983443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:35.034821033 CET49983443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:35.034837008 CET4434998313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.034846067 CET4434998313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.039287090 CET49988443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:35.039326906 CET4434998813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.039465904 CET49988443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:35.040112019 CET49988443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:35.040127039 CET4434998813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.044145107 CET4434998513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.046067953 CET49985443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:35.046087980 CET4434998513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.046587944 CET49985443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:35.046593904 CET4434998513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.059947968 CET4434998413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.059973955 CET4434998413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.060014963 CET4434998413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.060173035 CET49984443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:35.069322109 CET49984443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:35.069322109 CET49984443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:35.069335938 CET4434998413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.069344997 CET4434998413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.077666998 CET49989443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:35.077689886 CET4434998913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.077981949 CET49989443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:35.079051018 CET49989443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:35.079062939 CET4434998913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.109500885 CET4434998613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.110477924 CET49986443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:35.110486031 CET4434998613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.110979080 CET49986443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:35.110984087 CET4434998613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.174012899 CET4434998513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.174079895 CET4434998513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.174345970 CET49985443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:35.174592018 CET49985443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:35.174592018 CET49985443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:35.174602032 CET4434998513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.174611092 CET4434998513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.178277969 CET49990443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:35.178316116 CET4434999013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.178436041 CET49990443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:35.179018974 CET49990443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:35.179030895 CET4434999013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.238780022 CET4434998613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.238840103 CET4434998613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.239134073 CET49986443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:35.239691019 CET49986443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:35.239691019 CET49986443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:35.239705086 CET4434998613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.239713907 CET4434998613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.247762918 CET49991443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:35.247780085 CET4434999113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.251740932 CET49991443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:35.251996994 CET49991443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:35.252008915 CET4434999113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.595678091 CET4434998713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.596631050 CET49987443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:35.596654892 CET4434998713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.597322941 CET49987443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:35.597328901 CET4434998713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.728090048 CET4434998713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.728198051 CET4434998713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.728244066 CET49987443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:35.728255987 CET4434998713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.728277922 CET4434998713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.728344917 CET49987443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:35.728755951 CET49987443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:35.728763103 CET4434998713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.728779078 CET49987443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:35.728784084 CET4434998713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.732773066 CET49992443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:35.732808113 CET4434999213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.732881069 CET49992443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:35.733393908 CET49992443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:35.733403921 CET4434999213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.798155069 CET4434998813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.798779964 CET49988443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:35.798799038 CET4434998813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.799257040 CET49988443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:35.799263954 CET4434998813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.815676928 CET4434998913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.816514015 CET49989443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:35.816526890 CET4434998913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.817168951 CET49989443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:35.817173958 CET4434998913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.912950993 CET4434999013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.913973093 CET49990443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:35.913991928 CET4434999013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.914618015 CET49990443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:35.914623022 CET4434999013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.930056095 CET4434998813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.930104971 CET4434998813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.930156946 CET49988443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:35.930571079 CET49988443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:35.930591106 CET4434998813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.930602074 CET49988443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:35.930608034 CET4434998813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.935281992 CET49993443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:35.935307026 CET4434999313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.935375929 CET49993443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:35.935882092 CET49993443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:35.935894966 CET4434999313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.949413061 CET4434998913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.949436903 CET4434998913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.949470997 CET4434998913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.949666023 CET49989443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:35.949913025 CET49989443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:35.949913025 CET49989443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:35.949927092 CET4434998913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.949935913 CET4434998913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.955352068 CET49994443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:35.955398083 CET4434999413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.955470085 CET49994443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:35.955626965 CET49994443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:35.955641031 CET4434999413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.971043110 CET4434999113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.971786022 CET49991443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:35.971792936 CET4434999113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:35.972336054 CET49991443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:35.972340107 CET4434999113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:36.045663118 CET4434999013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:36.045737982 CET4434999013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:36.045814991 CET49990443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:36.046262980 CET49990443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:36.046278954 CET4434999013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:36.046327114 CET49990443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:36.046333075 CET4434999013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:36.050643921 CET49995443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:36.050664902 CET4434999513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:36.050751925 CET49995443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:36.051410913 CET49995443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:36.051424026 CET4434999513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:36.098547935 CET4434999113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:36.098726988 CET4434999113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:36.099181890 CET49991443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:36.099401951 CET49991443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:36.099406958 CET4434999113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:36.099453926 CET49991443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:36.099458933 CET4434999113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:36.103813887 CET49996443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:36.103869915 CET4434999613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:36.103957891 CET49996443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:36.104392052 CET49996443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:36.104439974 CET4434999613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:37.460706949 CET4434999213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:37.582657099 CET49992443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:37.589405060 CET4434999313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:37.592806101 CET4434999513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:37.597385883 CET4434999413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:37.604672909 CET4434999613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:37.736865997 CET49996443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:37.736896038 CET4434999613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:37.737627029 CET49996443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:37.737639904 CET4434999613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:37.737957954 CET49994443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:37.737987041 CET4434999413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:37.738578081 CET49994443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:37.738584995 CET4434999413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:37.738903046 CET49993443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:37.739362001 CET49992443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:37.739372015 CET4434999213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:37.746007919 CET49992443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:37.746022940 CET4434999213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:37.750142097 CET49993443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:37.750153065 CET4434999313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:37.750562906 CET49993443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:37.750566959 CET4434999313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:37.750809908 CET49995443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:37.750822067 CET4434999513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:37.751236916 CET49995443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:37.751241922 CET4434999513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:37.868617058 CET4434999613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:37.868791103 CET4434999613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:37.868868113 CET49996443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:37.870909929 CET49996443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:37.870909929 CET49996443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:37.870934010 CET4434999613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:37.870955944 CET4434999613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:37.874407053 CET4434999213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:37.874445915 CET4434999213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:37.874504089 CET49992443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:37.874516964 CET4434999213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:37.874530077 CET4434999213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:37.874579906 CET49992443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:37.875093937 CET49992443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:37.875107050 CET4434999213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:37.875117064 CET49992443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:37.875123024 CET4434999213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:37.877023935 CET49998443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:37.877070904 CET4434999813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:37.877211094 CET49998443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:37.878263950 CET49998443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:37.878293037 CET4434999813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:37.880085945 CET4434999313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:37.880135059 CET4434999313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:37.880194902 CET49993443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:37.880232096 CET4434999513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:37.880299091 CET4434999513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:37.880352020 CET4434999513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:37.880392075 CET49995443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:37.880429029 CET49995443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:37.880599976 CET49995443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:37.880611897 CET4434999513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:37.880623102 CET49993443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:37.880623102 CET49995443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:37.880628109 CET4434999313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:37.880635977 CET4434999513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:37.884015083 CET49999443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:37.884078979 CET4434999913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:37.884222984 CET49999443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:37.884373903 CET49999443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:37.884407997 CET4434999913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:37.884684086 CET50000443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:37.884746075 CET4435000013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:37.884814024 CET50000443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:37.886516094 CET50001443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:37.886542082 CET4435000113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:37.886615038 CET50001443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:37.887188911 CET50000443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:37.887202978 CET4435000013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:37.887478113 CET50001443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:37.887486935 CET4435000113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:38.123693943 CET4434999413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:38.123763084 CET4434999413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:38.123996973 CET49994443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:38.124378920 CET49994443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:38.124406099 CET4434999413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:38.124423027 CET49994443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:38.124432087 CET4434999413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:38.131812096 CET50002443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:38.131827116 CET4435000213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:38.131906986 CET50002443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:38.133848906 CET50002443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:38.133861065 CET4435000213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:38.287525892 CET50003443192.168.2.4142.250.186.164
                                                                                                                                                                              Oct 30, 2024 17:53:38.287538052 CET44350003142.250.186.164192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:38.287642956 CET50003443192.168.2.4142.250.186.164
                                                                                                                                                                              Oct 30, 2024 17:53:38.288059950 CET50003443192.168.2.4142.250.186.164
                                                                                                                                                                              Oct 30, 2024 17:53:38.288069963 CET44350003142.250.186.164192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:38.611968994 CET4434999813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:38.612680912 CET49998443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:38.612752914 CET4434999813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:38.613264084 CET49998443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:38.613295078 CET4434999813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:38.617181063 CET4435000013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:38.618109941 CET4434999913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:38.618514061 CET50000443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:38.618530989 CET4435000013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:38.619075060 CET50000443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:38.619081974 CET4435000013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:38.621051073 CET49999443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:38.621052027 CET49999443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:38.621112108 CET4434999913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:38.621128082 CET4434999913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:38.631771088 CET4435000113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:38.632203102 CET50001443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:38.632222891 CET4435000113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:38.633658886 CET50001443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:38.633666039 CET4435000113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:38.742420912 CET4434999813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:38.742517948 CET4434999813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:38.742749929 CET4434999813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:38.742829084 CET49998443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:38.743007898 CET49998443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:38.743038893 CET4434999813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:38.743074894 CET49998443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:38.743089914 CET4434999813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:38.748770952 CET4435000013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:38.748845100 CET4435000013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:38.749030113 CET50000443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:38.750246048 CET50004443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:38.750303030 CET4435000413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:38.750399113 CET50004443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:38.750611067 CET50000443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:38.750611067 CET50000443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:38.750622034 CET4435000013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:38.750629902 CET4435000013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:38.751050949 CET50004443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:38.751084089 CET4435000413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:38.752511978 CET4434999913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:38.752552032 CET4434999913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:38.752670050 CET49999443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:38.753931999 CET49999443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:38.753951073 CET4434999913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:38.753990889 CET49999443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:38.754004002 CET4434999913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:38.757323027 CET50005443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:38.757365942 CET4435000513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:38.757527113 CET50005443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:38.757616997 CET50005443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:38.757649899 CET4435000513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:38.758248091 CET50006443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:38.758270979 CET4435000613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:38.758491039 CET50006443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:38.759691954 CET50006443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:38.759721041 CET4435000613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:38.765101910 CET4435000113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:38.765202999 CET4435000113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:38.765336990 CET50001443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:38.765470028 CET50001443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:38.765470028 CET50001443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:38.765491962 CET4435000113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:38.765497923 CET4435000113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:38.768800020 CET50007443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:38.768826962 CET4435000713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:38.768930912 CET50007443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:38.769768953 CET50007443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:38.769794941 CET4435000713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:38.867746115 CET4435000213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:38.869378090 CET50002443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:38.869378090 CET50002443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:38.869390011 CET4435000213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:38.869396925 CET4435000213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:38.998739958 CET4435000213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:38.998773098 CET4435000213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:38.998811960 CET4435000213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:38.998846054 CET50002443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:38.999010086 CET50002443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:39.004352093 CET50002443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:39.004352093 CET50002443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:39.004359007 CET4435000213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:39.004365921 CET4435000213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:39.007639885 CET50008443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:39.007659912 CET4435000813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:39.007738113 CET50008443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:39.008681059 CET50008443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:39.008691072 CET4435000813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:39.139755011 CET44350003142.250.186.164192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:39.141014099 CET50003443192.168.2.4142.250.186.164
                                                                                                                                                                              Oct 30, 2024 17:53:39.141022921 CET44350003142.250.186.164192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:39.142108917 CET44350003142.250.186.164192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:39.143717051 CET50003443192.168.2.4142.250.186.164
                                                                                                                                                                              Oct 30, 2024 17:53:39.143887043 CET44350003142.250.186.164192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:39.224353075 CET50003443192.168.2.4142.250.186.164
                                                                                                                                                                              Oct 30, 2024 17:53:39.476234913 CET4435000413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:39.477308989 CET50004443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:39.477360010 CET4435000413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:39.477926970 CET50004443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:39.477941036 CET4435000413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:39.497739077 CET4435000513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:39.498302937 CET50005443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:39.498349905 CET4435000513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:39.498831034 CET50005443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:39.498846054 CET4435000513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:39.517452002 CET4435000713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:39.517905951 CET50007443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:39.517927885 CET4435000713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:39.518456936 CET50007443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:39.518484116 CET4435000713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:39.605192900 CET4435000413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:39.605401993 CET4435000413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:39.605467081 CET50004443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:39.605952024 CET50004443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:39.605992079 CET4435000413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:39.606029987 CET50004443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:39.606045961 CET4435000413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:39.611516953 CET50009443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:39.611562014 CET4435000913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:39.611670017 CET50009443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:39.612225056 CET50009443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:39.612236023 CET4435000913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:39.630481005 CET4435000513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:39.630549908 CET4435000513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:39.630608082 CET50005443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:39.631251097 CET50005443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:39.631284952 CET4435000513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:39.631309986 CET50005443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:39.631342888 CET4435000513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:39.635479927 CET50010443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:39.635513067 CET4435001013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:39.635634899 CET50010443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:39.636022091 CET50010443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:39.636037111 CET4435001013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:39.650320053 CET4435000713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:39.650408030 CET4435000713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:39.650475979 CET50007443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:39.650496960 CET4435000713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:39.650589943 CET4435000713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:39.650655985 CET50007443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:39.650655985 CET50007443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:39.650701046 CET4435000713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:39.650732994 CET50007443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:39.650744915 CET4435000713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:39.655153990 CET50011443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:39.655198097 CET4435001113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:39.655306101 CET50011443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:39.655700922 CET50011443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:39.655713081 CET4435001113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:39.704850912 CET4435000613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:39.705605030 CET50006443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:39.705636978 CET4435000613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:39.707278967 CET50006443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:39.707285881 CET4435000613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:39.773423910 CET4435000813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:39.819410086 CET50008443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:39.819423914 CET4435000813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:39.820063114 CET50008443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:39.820067883 CET4435000813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:39.840692997 CET4435000613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:39.840728045 CET4435000613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:39.840770006 CET4435000613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:39.840842962 CET50006443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:39.841103077 CET50006443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:39.841142893 CET4435000613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:39.841177940 CET50006443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:39.841198921 CET4435000613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:39.854974031 CET50012443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:39.855005026 CET4435001213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:39.855070114 CET50012443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:39.856020927 CET50012443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:39.856040001 CET4435001213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:39.952285051 CET4435000813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:39.952347040 CET4435000813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:39.952413082 CET50008443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:39.958640099 CET50008443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:39.958647966 CET4435000813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:39.982289076 CET50013443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:39.982336044 CET4435001313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:39.982490063 CET50013443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:39.985296965 CET50013443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:39.985323906 CET4435001313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:40.349080086 CET4435000913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:40.352405071 CET50009443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:40.352427006 CET4435000913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:40.355561018 CET50009443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:40.355566978 CET4435000913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:40.371272087 CET4435001013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:40.374267101 CET50010443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:40.374290943 CET4435001013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:40.391361952 CET50010443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:40.391370058 CET4435001013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:40.400232077 CET4435001113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:40.400989056 CET50011443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:40.401021957 CET4435001113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:40.401576042 CET50011443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:40.401590109 CET4435001113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:40.482114077 CET4435000913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:40.482192039 CET4435000913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:40.482420921 CET50009443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:40.482866049 CET50009443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:40.482884884 CET4435000913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:40.482970953 CET50009443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:40.482976913 CET4435000913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:40.486037016 CET50014443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:40.486063004 CET4435001413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:40.486304045 CET50014443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:40.486517906 CET50014443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:40.486536980 CET4435001413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:40.519309998 CET4435001013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:40.519548893 CET4435001013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:40.519691944 CET50010443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:40.519862890 CET50010443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:40.519862890 CET50010443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:40.519872904 CET4435001013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:40.519880056 CET4435001013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:40.523453951 CET50015443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:40.523485899 CET4435001513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:40.523724079 CET50015443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:40.524230957 CET50015443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:40.524251938 CET4435001513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:40.533102989 CET4435001113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:40.533776999 CET4435001113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:40.533823967 CET4435001113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:40.533941031 CET50011443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:40.534054995 CET50011443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:40.534068108 CET4435001113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:40.534086943 CET50011443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:40.534091949 CET4435001113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:40.537929058 CET50016443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:40.537955046 CET4435001613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:40.538203955 CET50016443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:40.538363934 CET50016443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:40.538378954 CET4435001613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:40.590248108 CET4435001213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:40.590929031 CET50012443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:40.590939999 CET4435001213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:40.593660116 CET50012443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:40.593667030 CET4435001213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:40.720678091 CET4435001313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:40.722316027 CET4435001213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:40.722321987 CET50013443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:40.722343922 CET4435001313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:40.722388983 CET4435001213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:40.722528934 CET50012443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:40.722893953 CET50012443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:40.722893953 CET50012443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:40.722915888 CET4435001213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:40.722929001 CET4435001213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:40.722951889 CET50013443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:40.722959042 CET4435001313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:40.725945950 CET50017443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:40.725990057 CET4435001713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:40.726177931 CET50017443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:40.729660988 CET50017443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:40.729672909 CET4435001713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:40.854475975 CET4435001313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:40.854541063 CET4435001313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:40.854752064 CET50013443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:40.855027914 CET50013443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:40.855048895 CET4435001313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:40.855191946 CET50013443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:40.855199099 CET4435001313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:40.861742973 CET50018443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:40.861777067 CET4435001813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:40.865839005 CET50018443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:40.869755983 CET50018443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:40.869771004 CET4435001813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:41.236898899 CET4435001413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:41.237962961 CET50014443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:41.237978935 CET4435001413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:41.238748074 CET50014443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:41.238754988 CET4435001413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:41.256697893 CET4435001513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:41.257117987 CET50015443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:41.257133007 CET4435001513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:41.257728100 CET50015443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:41.257734060 CET4435001513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:41.267982006 CET4435001613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:41.268565893 CET50016443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:41.268583059 CET4435001613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:41.269082069 CET50016443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:41.269088030 CET4435001613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:41.367765903 CET4435001413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:41.367871046 CET4435001413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:41.368010044 CET50014443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:41.368426085 CET50014443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:41.368426085 CET50014443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:41.368443012 CET4435001413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:41.368453979 CET4435001413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:41.372102976 CET50019443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:41.372154951 CET4435001913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:41.372392893 CET50019443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:41.372673988 CET50019443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:41.372690916 CET4435001913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:41.387425900 CET4435001513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:41.387528896 CET4435001513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:41.387728930 CET50015443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:41.387728930 CET50015443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:41.387757063 CET50015443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:41.387773037 CET4435001513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:41.390539885 CET50020443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:41.390623093 CET4435002013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:41.390774012 CET50020443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:41.391109943 CET50020443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:41.391140938 CET4435002013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:41.399682999 CET4435001613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:41.399755955 CET4435001613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:41.399899006 CET50016443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:41.409712076 CET50016443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:41.409722090 CET4435001613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:41.409733057 CET50016443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:41.409738064 CET4435001613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:41.422943115 CET50021443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:41.423013926 CET4435002113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:41.423101902 CET50021443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:41.424209118 CET50021443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:41.424245119 CET4435002113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:41.477617025 CET4435001713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:41.478620052 CET50017443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:41.478641987 CET4435001713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:41.479238987 CET50017443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:41.479244947 CET4435001713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:41.610311031 CET4435001713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:41.610414028 CET4435001713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:41.610475063 CET50017443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:41.611053944 CET4435001813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:41.611268044 CET50017443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:41.611284971 CET4435001713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:41.611299038 CET50017443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:41.611305952 CET4435001713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:41.612368107 CET50018443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:41.612380028 CET4435001813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:41.613095999 CET50018443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:41.613101006 CET4435001813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:41.616060972 CET50022443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:41.616137981 CET4435002213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:41.616216898 CET50022443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:41.616379976 CET50022443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:41.616415024 CET4435002213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:41.743720055 CET4435001813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:41.743828058 CET4435001813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:41.743876934 CET50018443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:41.747983932 CET50018443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:41.747997046 CET4435001813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:41.748006105 CET50018443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:41.748012066 CET4435001813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:41.784799099 CET50023443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:41.784862041 CET4435002313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:41.784944057 CET50023443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:41.788921118 CET50023443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:41.788953066 CET4435002313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:42.330913067 CET4435002013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:42.331861019 CET50020443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:42.331918955 CET4435002013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:42.332465887 CET50020443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:42.332482100 CET4435002013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:42.337116957 CET4435002113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:42.337632895 CET50021443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:42.337691069 CET4435002113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:42.338151932 CET50021443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:42.338166952 CET4435002113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:42.342899084 CET4435001913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:42.343303919 CET50019443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:42.343332052 CET4435001913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:42.343842983 CET50019443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:42.343849897 CET4435001913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:42.359052896 CET4435002213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:42.359420061 CET50022443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:42.359457016 CET4435002213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:42.359874964 CET50022443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:42.359888077 CET4435002213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:42.465358973 CET4435002013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:42.465410948 CET4435002013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:42.465866089 CET50020443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:42.466228962 CET50020443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:42.466228962 CET50020443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:42.466264009 CET4435002013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:42.466291904 CET4435002013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:42.469439030 CET50024443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:42.469465017 CET4435002413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:42.469976902 CET50024443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:42.473654032 CET50024443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:42.473666906 CET4435002413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:42.480549097 CET4435001913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:42.480665922 CET4435001913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:42.480796099 CET4435001913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:42.481789112 CET50019443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:42.481882095 CET50019443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:42.481882095 CET50019443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:42.481916904 CET4435001913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:42.481942892 CET4435001913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:42.484209061 CET50025443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:42.484255075 CET4435002513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:42.485846043 CET50025443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:42.489676952 CET50025443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:42.489692926 CET4435002513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:42.493632078 CET4435002213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:42.493712902 CET4435002213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:42.494079113 CET50022443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:42.494183064 CET50022443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:42.494183064 CET50022443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:42.494215012 CET4435002213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:42.494235992 CET4435002213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:42.496426105 CET50026443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:42.496436119 CET4435002613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:42.497895002 CET50026443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:42.497961044 CET50026443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:42.497972965 CET4435002613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:42.510703087 CET4435002113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:42.510762930 CET4435002113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:42.510862112 CET4435002113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:42.513963938 CET50021443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:42.514579058 CET50021443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:42.514579058 CET50021443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:42.514615059 CET4435002113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:42.514645100 CET4435002113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:42.517072916 CET50027443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:42.517096043 CET4435002713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:42.518213987 CET50027443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:42.521696091 CET50027443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:42.521707058 CET4435002713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:42.524682999 CET4435002313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:42.526070118 CET50023443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:42.526089907 CET4435002313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:42.529337883 CET50023443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:42.529350042 CET4435002313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:42.654823065 CET4435002313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:42.654903889 CET4435002313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:42.654948950 CET4435002313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:42.655034065 CET50023443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:42.655446053 CET50023443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:42.655468941 CET4435002313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:42.655489922 CET50023443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:42.655498981 CET4435002313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:42.658879995 CET50028443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:42.658912897 CET4435002813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:42.659054041 CET50028443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:42.659425974 CET50028443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:42.659444094 CET4435002813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:43.219546080 CET4435002513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:43.220706940 CET50025443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:43.220716000 CET4435002513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:43.221268892 CET50025443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:43.221282005 CET4435002513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:43.234442949 CET4435002613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:43.236299038 CET50026443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:43.236325026 CET4435002613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:43.237261057 CET50026443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:43.237268925 CET4435002613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:43.247590065 CET4435002413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:43.248102903 CET50024443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:43.248110056 CET4435002413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:43.249767065 CET50024443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:43.249771118 CET4435002413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:43.264298916 CET4435002713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:43.264964104 CET50027443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:43.264972925 CET4435002713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:43.265615940 CET50027443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:43.265620947 CET4435002713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:43.348414898 CET4435002513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:43.348563910 CET4435002513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:43.348819017 CET50025443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:43.349251986 CET50025443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:43.349251986 CET50025443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:43.349270105 CET4435002513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:43.349277973 CET4435002513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:43.352397919 CET50029443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:43.352432013 CET4435002913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:43.352617979 CET50029443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:43.353656054 CET50029443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:43.353672028 CET4435002913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:43.387074947 CET4435002413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:43.387139082 CET4435002413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:43.387222052 CET50024443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:43.387780905 CET50024443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:43.387793064 CET4435002413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:43.387805939 CET50024443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:43.387810946 CET4435002413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:43.391377926 CET4435002813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:43.391413927 CET50030443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:43.391447067 CET4435003013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:43.391563892 CET50030443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:43.391977072 CET50028443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:43.391977072 CET50030443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:43.391994953 CET4435002813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:43.392014027 CET4435003013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:43.392616034 CET50028443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:43.392621040 CET4435002813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:43.410105944 CET4435002713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:43.410140038 CET4435002713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:43.410187006 CET50027443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:43.410196066 CET4435002713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:43.410233021 CET50027443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:43.410562992 CET50027443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:43.410578966 CET4435002713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:43.410588980 CET50027443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:43.410593987 CET4435002713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:43.418687105 CET50031443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:43.418723106 CET4435003113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:43.418791056 CET50031443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:43.418972969 CET50031443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:43.418984890 CET4435003113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:43.522453070 CET4435002813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:43.523080111 CET4435002813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:43.523145914 CET50028443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:43.523410082 CET50028443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:43.523421049 CET4435002813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:43.523472071 CET50028443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:43.523478985 CET4435002813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:43.529387951 CET50032443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:43.529423952 CET4435003213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:43.529484034 CET50032443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:43.530553102 CET50032443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:43.530566931 CET4435003213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:43.583049059 CET4435002613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:43.583421946 CET4435002613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:43.583471060 CET50026443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:43.583717108 CET50026443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:43.583731890 CET4435002613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:43.583807945 CET50026443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:43.583812952 CET4435002613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:43.588517904 CET50033443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:43.588532925 CET4435003313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:43.588592052 CET50033443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:43.589339018 CET50033443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:43.589353085 CET4435003313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:44.091489077 CET4435002913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:44.092705011 CET50029443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:44.092721939 CET4435002913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:44.093188047 CET50029443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:44.093195915 CET4435002913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:44.129621029 CET4435003013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:44.130259991 CET50030443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:44.130270004 CET4435003013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:44.130744934 CET50030443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:44.130750895 CET4435003013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:44.221709013 CET4435002913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:44.222132921 CET4435002913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:44.222198963 CET50029443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:44.222438097 CET50029443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:44.222457886 CET4435002913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:44.226768017 CET50034443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:44.226808071 CET4435003413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:44.226872921 CET50034443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:44.227353096 CET50034443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:44.227363110 CET4435003413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:44.260359049 CET4435003013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:44.260385036 CET4435003013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:44.260438919 CET4435003013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:44.260479927 CET50030443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:44.260479927 CET50030443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:44.260890961 CET50030443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:44.260890961 CET50030443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:44.260905981 CET4435003013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:44.260917902 CET4435003013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:44.265225887 CET50035443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:44.265255928 CET4435003513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:44.265338898 CET50035443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:44.265583992 CET50035443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:44.265599012 CET4435003513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:44.270328045 CET4435003213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:44.270692110 CET50032443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:44.270709991 CET4435003213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:44.271195889 CET50032443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:44.271200895 CET4435003213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:44.356765985 CET4435003313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:44.357459068 CET50033443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:44.357475996 CET4435003313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:44.358036995 CET50033443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:44.358042002 CET4435003313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:44.358501911 CET4435003113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:44.358966112 CET50031443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:44.358978987 CET4435003113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:44.359297037 CET50031443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:44.359302998 CET4435003113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:44.406009912 CET4435003213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:44.406024933 CET4435003213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:44.407376051 CET4435003213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:44.407520056 CET50032443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:44.407835960 CET50032443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:44.407835960 CET50032443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:44.407854080 CET4435003213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:44.407862902 CET4435003213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:44.413985968 CET50036443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:44.414031982 CET4435003613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:44.418420076 CET50036443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:44.421663046 CET50036443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:44.421684980 CET4435003613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:44.488807917 CET4435003113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:44.488881111 CET4435003113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:44.489022970 CET50031443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:44.489429951 CET50031443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:44.489429951 CET50031443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:44.489449024 CET4435003113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:44.489454985 CET4435003113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:44.493113995 CET4435003313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:44.493139029 CET4435003313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:44.493177891 CET50037443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:44.493199110 CET4435003713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:44.493226051 CET4435003313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:44.493309021 CET50033443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:44.493321896 CET50037443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:44.493429899 CET50033443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:44.493622065 CET50033443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:44.493622065 CET50033443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:44.493632078 CET4435003313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:44.493640900 CET4435003313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:44.493715048 CET50037443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:44.493733883 CET4435003713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:44.497095108 CET50038443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:44.497126102 CET4435003813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:44.497838974 CET50038443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:44.501724958 CET50038443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:44.501741886 CET4435003813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:44.983799934 CET4435003413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:44.994488001 CET4435003513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:44.998254061 CET50034443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:44.998275042 CET4435003413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:45.006015062 CET50034443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:45.006026030 CET4435003413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:45.011616945 CET50035443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:45.011631012 CET4435003513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:45.012257099 CET50035443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:45.012262106 CET4435003513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:45.134191990 CET4435003413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:45.134251118 CET4435003413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:45.134376049 CET4435003413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:45.138078928 CET50034443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:45.138313055 CET4435003513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:45.138375998 CET4435003513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:45.138600111 CET4435003513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:45.141200066 CET50035443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:45.149096966 CET4435003613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:45.158801079 CET50034443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:45.158801079 CET50034443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:45.158821106 CET4435003413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:45.158828974 CET4435003413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:45.159976959 CET50035443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:45.159991980 CET4435003513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:45.160023928 CET50035443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:45.160029888 CET4435003513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:45.161756992 CET50036443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:45.161767006 CET4435003613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:45.163361073 CET50036443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:45.163367033 CET4435003613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:45.180783033 CET50039443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:45.180810928 CET4435003913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:45.181945086 CET50039443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:45.188024998 CET50040443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:45.188122034 CET4435004013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:45.188632965 CET50039443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:45.188647985 CET4435003913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:45.188683987 CET50040443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:45.188852072 CET50040443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:45.188886881 CET4435004013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:45.249784946 CET4435003813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:45.254829884 CET50038443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:45.254829884 CET50038443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:45.254842997 CET4435003813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:45.254859924 CET4435003813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:45.262417078 CET4435003713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:45.262887001 CET50037443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:45.262897968 CET4435003713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:45.263580084 CET50037443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:45.263586044 CET4435003713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:45.310050964 CET4435003613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:45.310117960 CET4435003613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:45.313776970 CET50036443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:45.314045906 CET50036443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:45.314045906 CET50036443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:45.314065933 CET4435003613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:45.314076900 CET4435003613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:45.317728043 CET50041443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:45.317763090 CET4435004113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:45.318011999 CET50041443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:45.318368912 CET50041443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:45.318380117 CET4435004113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:45.387105942 CET4435003813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:45.387294054 CET4435003813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:45.387363911 CET50038443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:45.387777090 CET50038443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:45.387795925 CET4435003813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:45.387852907 CET50038443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:45.387859106 CET4435003813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:45.393723965 CET50042443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:45.393811941 CET4435004213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:45.393981934 CET50042443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:45.394351959 CET50042443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:45.394381046 CET4435004213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:45.396997929 CET4435003713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:45.397145033 CET4435003713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:45.397206068 CET50037443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:45.397459984 CET50037443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:45.397459984 CET50037443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:45.397468090 CET4435003713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:45.397478104 CET4435003713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:45.400202036 CET50043443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:45.400233030 CET4435004313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:45.400316954 CET50043443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:45.400926113 CET50043443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:45.400939941 CET4435004313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:45.923559904 CET4435003913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:45.924335003 CET50039443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:45.924361944 CET4435003913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:45.924988031 CET50039443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:45.924994946 CET4435003913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:45.928390980 CET4435004013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:45.928730011 CET50040443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:45.928761005 CET4435004013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:45.929116011 CET50040443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:45.929126024 CET4435004013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.054052114 CET4435003913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.054076910 CET4435003913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.054120064 CET50039443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:46.054133892 CET4435003913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.054141045 CET4435003913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.054214954 CET50039443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:46.054812908 CET50039443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:46.054828882 CET4435003913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.054842949 CET50039443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:46.054850101 CET4435003913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.058032036 CET4435004013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.058175087 CET4435004013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.058233976 CET50040443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:46.058685064 CET50040443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:46.058737040 CET4435004013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.058793068 CET50040443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:46.058811903 CET4435004013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.059861898 CET50044443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:46.059925079 CET4435004413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.059926987 CET4435004113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.060019970 CET50044443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:46.060720921 CET50044443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:46.060755968 CET4435004413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.060791016 CET50041443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:46.060806990 CET4435004113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.061258078 CET50041443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:46.061261892 CET4435004113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.061700106 CET50045443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:46.061770916 CET4435004513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.061841011 CET50045443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:46.061968088 CET50045443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:46.061984062 CET4435004513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.133043051 CET4435004213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.137109041 CET4435004313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.163381100 CET50042443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:46.163424015 CET4435004213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.163913012 CET50042443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:46.163933039 CET4435004213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.164485931 CET50043443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:46.164510965 CET4435004313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.165105104 CET50043443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:46.165112019 CET4435004313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.192523956 CET4435004113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.192548990 CET4435004113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.192593098 CET50041443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:46.192600012 CET4435004113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.192611933 CET4435004113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.192621946 CET50041443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:46.192643881 CET50041443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:46.194199085 CET50041443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:46.194211006 CET4435004113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.194220066 CET50041443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:46.194231987 CET4435004113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.200012922 CET50046443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:46.200076103 CET4435004613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.200150013 CET50046443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:46.201134920 CET50046443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:46.201178074 CET4435004613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.309922934 CET4435004313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.309942961 CET4435004313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.309992075 CET50043443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:46.310004950 CET4435004313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.310019970 CET4435004313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.310085058 CET50043443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:46.310501099 CET50043443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:46.310512066 CET4435004313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.310519934 CET50043443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:46.310525894 CET4435004313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.314368010 CET50047443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:46.314424038 CET4435004713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.314496040 CET50047443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:46.314871073 CET50047443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:46.314903021 CET4435004713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.373868942 CET4435004213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.373907089 CET4435004213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.373918056 CET4435004213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.373941898 CET4435004213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.373986006 CET50042443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:46.374001026 CET4435004213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.374027967 CET50042443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:46.374048948 CET50042443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:46.427982092 CET4435004213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.428064108 CET4435004213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.428092957 CET50042443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:46.428174019 CET50042443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:46.429188013 CET50042443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:46.429188013 CET50042443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:46.429203987 CET4435004213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.429208994 CET4435004213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.434674978 CET50048443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:46.434705019 CET4435004813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.438905001 CET50048443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:46.441768885 CET50048443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:46.441778898 CET4435004813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.788542032 CET4435004413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.791601896 CET50044443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:46.791630030 CET4435004413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.792344093 CET50044443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:46.792357922 CET4435004413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.796582937 CET4435004513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.798665047 CET50045443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:46.798665047 CET50045443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:46.798706055 CET4435004513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.798743963 CET4435004513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.936949015 CET4435004513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.937020063 CET4435004513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.937159061 CET4435004513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.937201023 CET50045443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:46.937571049 CET50045443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:46.937572002 CET50045443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:46.937751055 CET50045443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:46.937784910 CET4435004513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.942008018 CET50049443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:46.942037106 CET4435004913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.943506002 CET50049443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:46.944679022 CET50049443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:46.944691896 CET4435004913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.964740038 CET4435004613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.965729952 CET50046443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:46.965768099 CET4435004613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:46.965970993 CET50046443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:46.965981960 CET4435004613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.029525995 CET4435004413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.029562950 CET4435004413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.029593945 CET4435004413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.029722929 CET50044443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:47.029723883 CET50044443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:47.029776096 CET4435004413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.029903889 CET50044443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:47.039215088 CET4435004413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.039252996 CET4435004413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.039299965 CET4435004413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.039300919 CET50044443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:47.039350033 CET50044443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:47.040040016 CET50044443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:47.040450096 CET50044443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:47.040450096 CET50044443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:47.040479898 CET4435004413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.040503025 CET4435004413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.044693947 CET50050443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:47.044742107 CET4435005013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.045034885 CET50050443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:47.045737028 CET50050443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:47.045753002 CET4435005013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.067776918 CET4435004713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.068589926 CET50047443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:47.068624973 CET4435004713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.068758011 CET50047443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:47.068770885 CET4435004713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.095576048 CET4435004613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.095597029 CET4435004613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.095715046 CET4435004613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.095738888 CET50046443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:47.096154928 CET50046443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:47.096342087 CET50046443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:47.096342087 CET50046443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:47.096364021 CET4435004613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.096388102 CET4435004613.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.101811886 CET50051443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:47.101835966 CET4435005113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.102840900 CET50051443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:47.104131937 CET50051443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:47.104145050 CET4435005113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.189893961 CET4435004813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.191155910 CET50048443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:47.191174984 CET4435004813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.191788912 CET50048443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:47.191797018 CET4435004813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.201304913 CET4435004713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.201392889 CET4435004713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.201466084 CET50047443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:47.201915979 CET50047443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:47.201915979 CET50047443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:47.201927900 CET4435004713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.201941013 CET4435004713.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.208249092 CET50052443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:47.208292007 CET4435005213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.208488941 CET50052443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:47.209247112 CET50052443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:47.209276915 CET4435005213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.321468115 CET4435004813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.321551085 CET4435004813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.321631908 CET50048443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:47.323699951 CET50048443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:47.323699951 CET50048443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:47.323719978 CET4435004813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.323730946 CET4435004813.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.327804089 CET50053443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:47.327848911 CET4435005313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.328181982 CET50053443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:47.329502106 CET50053443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:47.329521894 CET4435005313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.691371918 CET4435004913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.709841967 CET50049443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:47.709865093 CET4435004913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.713741064 CET50049443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:47.713747025 CET4435004913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.802150965 CET4435005013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.804912090 CET50050443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:47.804939032 CET4435005013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.805754900 CET50050443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:47.805763006 CET4435005013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.835480928 CET4435005113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.841231108 CET4435004913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.841382980 CET4435004913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.841486931 CET50049443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:47.848143101 CET50051443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:47.848150969 CET4435005113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.848825932 CET50051443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:47.848829985 CET4435005113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.849822044 CET50049443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:47.849833012 CET4435004913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.849843979 CET50049443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:47.849848032 CET4435004913.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.908588886 CET50054443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:47.908668041 CET4435005413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.908746004 CET50054443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:47.911463976 CET50054443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:47.911500931 CET4435005413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.935781002 CET4435005013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.935961008 CET4435005013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.936022043 CET50050443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:47.937599897 CET4435005213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.937664986 CET50050443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:47.937685966 CET4435005013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.937697887 CET50050443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:47.937705040 CET4435005013.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.940836906 CET50052443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:47.940886974 CET4435005213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.941845894 CET50052443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:47.941857100 CET4435005213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.945830107 CET50055443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:47.945914984 CET4435005513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.945993900 CET50055443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:47.946155071 CET50055443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:47.946208954 CET4435005513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.974905968 CET4435005113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.974942923 CET4435005113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.974983931 CET4435005113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.975003004 CET50051443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:47.975039959 CET50051443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:47.975562096 CET50051443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:47.975572109 CET4435005113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:47.975580931 CET50051443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:47.975589037 CET4435005113.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:48.067666054 CET4435005213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:48.067828894 CET4435005213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:48.067897081 CET50052443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:48.068547964 CET50052443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:48.068547964 CET50052443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:48.068581104 CET4435005213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:48.068608999 CET4435005213.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:48.078686953 CET4435005313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:48.079565048 CET50053443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:48.079610109 CET4435005313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:48.080012083 CET50053443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:48.080029964 CET4435005313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:48.211158991 CET4435005313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:48.211266041 CET4435005313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:48.211354017 CET50053443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:48.250788927 CET50053443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:48.250813007 CET4435005313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:48.250827074 CET50053443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:48.250834942 CET4435005313.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:48.687405109 CET4435005513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:48.690427065 CET50055443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:48.690488100 CET4435005513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:48.690990925 CET50055443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:48.691004992 CET4435005513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:48.697133064 CET4435005413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:48.698086977 CET50054443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:48.698147058 CET4435005413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:48.698564053 CET50054443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:48.698577881 CET4435005413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:48.818698883 CET4435005513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:48.818902016 CET4435005513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:48.819056988 CET50055443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:48.819360971 CET50055443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:48.819360971 CET50055443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:48.819386959 CET4435005513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:48.819410086 CET4435005513.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:48.828748941 CET4435005413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:48.829057932 CET4435005413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:48.829196930 CET50054443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:48.829786062 CET50054443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:48.829786062 CET50054443192.168.2.413.107.246.64
                                                                                                                                                                              Oct 30, 2024 17:53:48.829818010 CET4435005413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:48.829899073 CET4435005413.107.246.64192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:49.130784035 CET44350003142.250.186.164192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:49.130937099 CET44350003142.250.186.164192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:49.131067038 CET50003443192.168.2.4142.250.186.164
                                                                                                                                                                              Oct 30, 2024 17:54:07.692584991 CET50003443192.168.2.4142.250.186.164
                                                                                                                                                                              Oct 30, 2024 17:54:07.692612886 CET44350003142.250.186.164192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:54:38.349870920 CET50057443192.168.2.4142.250.186.164
                                                                                                                                                                              Oct 30, 2024 17:54:38.349919081 CET44350057142.250.186.164192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:54:38.351830959 CET50057443192.168.2.4142.250.186.164
                                                                                                                                                                              Oct 30, 2024 17:54:38.352121115 CET50057443192.168.2.4142.250.186.164
                                                                                                                                                                              Oct 30, 2024 17:54:38.352135897 CET44350057142.250.186.164192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:54:39.203641891 CET44350057142.250.186.164192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:54:39.205831051 CET50057443192.168.2.4142.250.186.164
                                                                                                                                                                              Oct 30, 2024 17:54:39.205846071 CET44350057142.250.186.164192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:54:39.206310034 CET44350057142.250.186.164192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:54:39.207674980 CET50057443192.168.2.4142.250.186.164
                                                                                                                                                                              Oct 30, 2024 17:54:39.207770109 CET44350057142.250.186.164192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:54:39.286030054 CET50057443192.168.2.4142.250.186.164
                                                                                                                                                                              Oct 30, 2024 17:54:49.196464062 CET44350057142.250.186.164192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:54:49.196541071 CET44350057142.250.186.164192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:54:49.196626902 CET50057443192.168.2.4142.250.186.164
                                                                                                                                                                              Oct 30, 2024 17:54:52.693207979 CET50057443192.168.2.4142.250.186.164
                                                                                                                                                                              Oct 30, 2024 17:54:52.693229914 CET44350057142.250.186.164192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:54:57.762857914 CET5473053192.168.2.41.1.1.1
                                                                                                                                                                              Oct 30, 2024 17:54:57.768318892 CET53547301.1.1.1192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:54:57.768512964 CET5473053192.168.2.41.1.1.1
                                                                                                                                                                              Oct 30, 2024 17:54:57.768595934 CET5473053192.168.2.41.1.1.1
                                                                                                                                                                              Oct 30, 2024 17:54:57.773904085 CET53547301.1.1.1192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:54:58.365521908 CET53547301.1.1.1192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:54:58.366790056 CET5473053192.168.2.41.1.1.1
                                                                                                                                                                              Oct 30, 2024 17:54:58.372661114 CET53547301.1.1.1192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:54:58.375961065 CET5473053192.168.2.41.1.1.1

                                                                                                                                                                              UDP Packets

                                                                                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                              Oct 30, 2024 17:52:19.165340900 CET5327353192.168.2.41.1.1.1
                                                                                                                                                                              Oct 30, 2024 17:52:19.199918032 CET53532731.1.1.1192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:20.706492901 CET138138192.168.2.4192.168.2.255
                                                                                                                                                                              Oct 30, 2024 17:52:31.553518057 CET5239853192.168.2.41.1.1.1
                                                                                                                                                                              Oct 30, 2024 17:52:31.726798058 CET53523981.1.1.1192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:36.330565929 CET53500161.1.1.1192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:36.362819910 CET5591553192.168.2.41.1.1.1
                                                                                                                                                                              Oct 30, 2024 17:52:36.363142967 CET6178253192.168.2.41.1.1.1
                                                                                                                                                                              Oct 30, 2024 17:52:36.379106045 CET53559151.1.1.1192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:36.382380962 CET53617821.1.1.1192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:36.435988903 CET53646431.1.1.1192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:38.224365950 CET5691353192.168.2.41.1.1.1
                                                                                                                                                                              Oct 30, 2024 17:52:38.224500895 CET4966453192.168.2.41.1.1.1
                                                                                                                                                                              Oct 30, 2024 17:52:38.248003006 CET53569131.1.1.1192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:38.248635054 CET53496641.1.1.1192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:38.681632042 CET53580281.1.1.1192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:38.684555054 CET6351653192.168.2.41.1.1.1
                                                                                                                                                                              Oct 30, 2024 17:52:38.684695959 CET5404353192.168.2.41.1.1.1
                                                                                                                                                                              Oct 30, 2024 17:52:38.690505028 CET53515321.1.1.1192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:38.692099094 CET53540431.1.1.1192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:38.692811966 CET53635161.1.1.1192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:38.727190971 CET53574031.1.1.1192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:41.041268110 CET53587461.1.1.1192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:42.364984035 CET6047753192.168.2.41.1.1.1
                                                                                                                                                                              Oct 30, 2024 17:52:42.365328074 CET5364453192.168.2.41.1.1.1
                                                                                                                                                                              Oct 30, 2024 17:52:42.373308897 CET53604771.1.1.1192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:42.374150991 CET53536441.1.1.1192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:42.396064043 CET53547331.1.1.1192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:42.598103046 CET4925053192.168.2.41.1.1.1
                                                                                                                                                                              Oct 30, 2024 17:52:42.598387957 CET6399753192.168.2.41.1.1.1
                                                                                                                                                                              Oct 30, 2024 17:52:42.599280119 CET6201553192.168.2.41.1.1.1
                                                                                                                                                                              Oct 30, 2024 17:52:42.599486113 CET5539853192.168.2.41.1.1.1
                                                                                                                                                                              Oct 30, 2024 17:52:42.605786085 CET53639971.1.1.1192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:42.605880976 CET53492501.1.1.1192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:42.607008934 CET53553981.1.1.1192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:42.607021093 CET53620151.1.1.1192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:42.610038042 CET4924053192.168.2.41.1.1.1
                                                                                                                                                                              Oct 30, 2024 17:52:42.610686064 CET5490153192.168.2.41.1.1.1
                                                                                                                                                                              Oct 30, 2024 17:52:42.617892027 CET53492401.1.1.1192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:42.618546963 CET53549011.1.1.1192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:55.139815092 CET53624301.1.1.1192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:52:55.656769991 CET53573141.1.1.1192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:14.655319929 CET53601881.1.1.1192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:36.298243046 CET53601031.1.1.1192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:53:37.467731953 CET53497341.1.1.1192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:54:07.700674057 CET53493291.1.1.1192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:54:52.701525927 CET53495181.1.1.1192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:54:57.762053967 CET53622061.1.1.1192.168.2.4
                                                                                                                                                                              Oct 30, 2024 17:56:21.339451075 CET138138192.168.2.4192.168.2.255

                                                                                                                                                                              DNS Queries

                                                                                                                                                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                              Oct 30, 2024 17:52:19.165340900 CET192.168.2.41.1.1.10x3a71Standard query (0)pps.shieldappsverify.comA (IP address)IN (0x0001)false
                                                                                                                                                                              Oct 30, 2024 17:52:31.553518057 CET192.168.2.41.1.1.10x6814Standard query (0)pps.shieldappsverify.comA (IP address)IN (0x0001)false
                                                                                                                                                                              Oct 30, 2024 17:52:36.362819910 CET192.168.2.41.1.1.10xa54bStandard query (0)shieldapps.comA (IP address)IN (0x0001)false
                                                                                                                                                                              Oct 30, 2024 17:52:36.363142967 CET192.168.2.41.1.1.10x5583Standard query (0)shieldapps.com65IN (0x0001)false
                                                                                                                                                                              Oct 30, 2024 17:52:38.224365950 CET192.168.2.41.1.1.10x360eStandard query (0)www.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                              Oct 30, 2024 17:52:38.224500895 CET192.168.2.41.1.1.10x5188Standard query (0)www.google.com65IN (0x0001)false
                                                                                                                                                                              Oct 30, 2024 17:52:38.684555054 CET192.168.2.41.1.1.10x4a07Standard query (0)code.jquery.comA (IP address)IN (0x0001)false
                                                                                                                                                                              Oct 30, 2024 17:52:38.684695959 CET192.168.2.41.1.1.10x4f5fStandard query (0)code.jquery.com65IN (0x0001)false
                                                                                                                                                                              Oct 30, 2024 17:52:42.364984035 CET192.168.2.41.1.1.10x988fStandard query (0)www.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                              Oct 30, 2024 17:52:42.365328074 CET192.168.2.41.1.1.10x76aeStandard query (0)www.google.com65IN (0x0001)false
                                                                                                                                                                              Oct 30, 2024 17:52:42.598103046 CET192.168.2.41.1.1.10xb31eStandard query (0)analytics.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                              Oct 30, 2024 17:52:42.598387957 CET192.168.2.41.1.1.10xa1d4Standard query (0)analytics.google.com65IN (0x0001)false
                                                                                                                                                                              Oct 30, 2024 17:52:42.599280119 CET192.168.2.41.1.1.10xffd8Standard query (0)stats.g.doubleclick.netA (IP address)IN (0x0001)false
                                                                                                                                                                              Oct 30, 2024 17:52:42.599486113 CET192.168.2.41.1.1.10x76aaStandard query (0)stats.g.doubleclick.net65IN (0x0001)false
                                                                                                                                                                              Oct 30, 2024 17:52:42.610038042 CET192.168.2.41.1.1.10x725aStandard query (0)td.doubleclick.netA (IP address)IN (0x0001)false
                                                                                                                                                                              Oct 30, 2024 17:52:42.610686064 CET192.168.2.41.1.1.10x38caStandard query (0)td.doubleclick.net65IN (0x0001)false

                                                                                                                                                                              DNS Answers

                                                                                                                                                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                              Oct 30, 2024 17:52:19.199918032 CET1.1.1.1192.168.2.40x3a71No error (0)pps.shieldappsverify.com149.210.194.253A (IP address)IN (0x0001)false
                                                                                                                                                                              Oct 30, 2024 17:52:31.726798058 CET1.1.1.1192.168.2.40x6814No error (0)pps.shieldappsverify.com149.210.194.253A (IP address)IN (0x0001)false
                                                                                                                                                                              Oct 30, 2024 17:52:36.379106045 CET1.1.1.1192.168.2.40xa54bNo error (0)shieldapps.com50.87.253.110A (IP address)IN (0x0001)false
                                                                                                                                                                              Oct 30, 2024 17:52:38.248003006 CET1.1.1.1192.168.2.40x360eNo error (0)www.google.com142.250.186.164A (IP address)IN (0x0001)false
                                                                                                                                                                              Oct 30, 2024 17:52:38.248635054 CET1.1.1.1192.168.2.40x5188No error (0)www.google.com65IN (0x0001)false
                                                                                                                                                                              Oct 30, 2024 17:52:38.692811966 CET1.1.1.1192.168.2.40x4a07No error (0)code.jquery.com151.101.194.137A (IP address)IN (0x0001)false
                                                                                                                                                                              Oct 30, 2024 17:52:38.692811966 CET1.1.1.1192.168.2.40x4a07No error (0)code.jquery.com151.101.66.137A (IP address)IN (0x0001)false
                                                                                                                                                                              Oct 30, 2024 17:52:38.692811966 CET1.1.1.1192.168.2.40x4a07No error (0)code.jquery.com151.101.2.137A (IP address)IN (0x0001)false
                                                                                                                                                                              Oct 30, 2024 17:52:38.692811966 CET1.1.1.1192.168.2.40x4a07No error (0)code.jquery.com151.101.130.137A (IP address)IN (0x0001)false
                                                                                                                                                                              Oct 30, 2024 17:52:42.373308897 CET1.1.1.1192.168.2.40x988fNo error (0)www.google.com142.250.185.100A (IP address)IN (0x0001)false
                                                                                                                                                                              Oct 30, 2024 17:52:42.374150991 CET1.1.1.1192.168.2.40x76aeNo error (0)www.google.com65IN (0x0001)false
                                                                                                                                                                              Oct 30, 2024 17:52:42.605786085 CET1.1.1.1192.168.2.40xa1d4No error (0)analytics.google.comanalytics-alv.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                              Oct 30, 2024 17:52:42.605880976 CET1.1.1.1192.168.2.40xb31eNo error (0)analytics.google.com142.250.186.110A (IP address)IN (0x0001)false
                                                                                                                                                                              Oct 30, 2024 17:52:42.607021093 CET1.1.1.1192.168.2.40xffd8No error (0)stats.g.doubleclick.net74.125.133.154A (IP address)IN (0x0001)false
                                                                                                                                                                              Oct 30, 2024 17:52:42.607021093 CET1.1.1.1192.168.2.40xffd8No error (0)stats.g.doubleclick.net74.125.133.155A (IP address)IN (0x0001)false
                                                                                                                                                                              Oct 30, 2024 17:52:42.607021093 CET1.1.1.1192.168.2.40xffd8No error (0)stats.g.doubleclick.net74.125.133.156A (IP address)IN (0x0001)false
                                                                                                                                                                              Oct 30, 2024 17:52:42.607021093 CET1.1.1.1192.168.2.40xffd8No error (0)stats.g.doubleclick.net74.125.133.157A (IP address)IN (0x0001)false
                                                                                                                                                                              Oct 30, 2024 17:52:42.617892027 CET1.1.1.1192.168.2.40x725aNo error (0)td.doubleclick.net142.250.186.162A (IP address)IN (0x0001)false

                                                                                                                                                                              HTTP Request Dependency Graph

                                                                                                                                                                              • slscr.update.microsoft.com
                                                                                                                                                                              • pps.shieldappsverify.com
                                                                                                                                                                              • fs.microsoft.com
                                                                                                                                                                              • shieldapps.com
                                                                                                                                                                              • https:
                                                                                                                                                                                • code.jquery.com
                                                                                                                                                                                • analytics.google.com
                                                                                                                                                                                • www.google.com
                                                                                                                                                                                • td.doubleclick.net
                                                                                                                                                                                • stats.g.doubleclick.net
                                                                                                                                                                                • www.bing.com
                                                                                                                                                                              • otelrules.azureedge.net

                                                                                                                                                                              HTTPS Proxied Packets

                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                              0192.168.2.44973320.109.210.53443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:52:17 UTC306OUTGET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=BmRxXm81SrA95px&MD=Rw14uCfM HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept: */*
                                                                                                                                                                              User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                                                                                                              Host: slscr.update.microsoft.com
                                                                                                                                                                              2024-10-30 16:52:17 UTC560INHTTP/1.1 200 OK
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                              Expires: -1
                                                                                                                                                                              Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                                                                                              ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                                                                                                                                              MS-CorrelationId: 08fef3a5-511f-4825-ab5f-975525bb55d3
                                                                                                                                                                              MS-RequestId: e9499f78-8af4-40e8-aea7-87d4e5970a8c
                                                                                                                                                                              MS-CV: ZTUTbu491Ui+v0P4.0
                                                                                                                                                                              X-Microsoft-SLSClientCache: 2880
                                                                                                                                                                              Content-Disposition: attachment; filename=environment.cab
                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:52:17 GMT
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Content-Length: 24490
                                                                                                                                                                              2024-10-30 16:52:17 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58
                                                                                                                                                                              Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
                                                                                                                                                                              2024-10-30 16:52:17 UTC8666INData Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31
                                                                                                                                                                              Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                              1192.168.2.449738149.210.194.2534433808C:\Program Files (x86)\PC Privacy Shield\InstAct.exe
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:52:20 UTC197OUTPOST /pcprivshield/pcprivshield_2.php HTTP/1.1
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Host: pps.shieldappsverify.com
                                                                                                                                                                              Content-Length: 63
                                                                                                                                                                              Expect: 100-continue
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              2024-10-30 16:52:20 UTC25INHTTP/1.1 100 Continue
                                                                                                                                                                              2024-10-30 16:52:20 UTC63OUTData Raw: 6c 61 62 65 6c 69 64 3d 36 26 75 70 64 61 74 65 73 65 72 76 65 72 6c 69 6e 6b 3d 31 26 6b 65 79 3d 26 61 70 70 76 65 72 3d 34 2e 39 2e 38 26 6d 61 63 3d 32 45 36 35 31 36 35 43 38 39 42 46
                                                                                                                                                                              Data Ascii: labelid=6&updateserverlink=1&key=&appver=4.9.8&mac=2E65165C89BF
                                                                                                                                                                              2024-10-30 16:52:20 UTC220INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:52:20 GMT
                                                                                                                                                                              Server: Apache/2.4.38 (Debian)
                                                                                                                                                                              Content-Length: 53
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                              {"url":"http:\/\/pps.shieldappsverify.com\/setups\/"}


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                              2192.168.2.449740149.210.194.2534437532C:\Program Files (x86)\PC Privacy Shield\InstAct.exe
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:52:24 UTC197OUTPOST /pcprivshield/pcprivshield_2.php HTTP/1.1
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Host: pps.shieldappsverify.com
                                                                                                                                                                              Content-Length: 47
                                                                                                                                                                              Expect: 100-continue
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              2024-10-30 16:52:25 UTC47OUTData Raw: 69 6e 73 74 61 6c 6c 3d 31 26 6c 61 62 65 6c 69 64 3d 36 26 6c 61 6e 67 3d 65 6e 26 61 70 70 76 65 72 3d 34 2e 39 2e 38 26 6d 61 72 6b 3d 30
                                                                                                                                                                              Data Ascii: install=1&labelid=6&lang=en&appver=4.9.8&mark=0
                                                                                                                                                                              2024-10-30 16:52:25 UTC25INHTTP/1.1 100 Continue
                                                                                                                                                                              2024-10-30 16:52:25 UTC284INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:52:24 GMT
                                                                                                                                                                              Server: Apache/2.4.38 (Debian)
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Content-Length: 94
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                              {"page":"https:\/\/shieldapps.com\/post-install\/pc-privacy-shield-successful-installation\/"}


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                              3192.168.2.449741149.210.194.2534437524C:\Program Files (x86)\PC Privacy Shield\InstAct.exe
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:52:24 UTC198OUTPOST /pcprivshield/pcprivshield_2.php HTTP/1.1
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Host: pps.shieldappsverify.com
                                                                                                                                                                              Content-Length: 120
                                                                                                                                                                              Expect: 100-continue
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              2024-10-30 16:52:25 UTC25INHTTP/1.1 100 Continue
                                                                                                                                                                              2024-10-30 16:52:25 UTC120OUTData Raw: 6c 61 62 65 6c 69 64 3d 36 26 69 6e 73 74 61 6c 6c 73 74 61 74 73 3d 31 26 6d 61 63 3d 32 45 36 35 31 36 35 43 38 39 42 46 26 69 73 6f 6c 61 6e 67 3d 65 6e 2d 43 48 26 69 73 69 6e 73 74 61 6c 6c 3d 31 26 6c 61 6e 67 73 74 72 3d 45 6e 67 6c 69 73 68 20 28 55 6e 69 74 65 64 20 4b 69 6e 67 64 6f 6d 29 26 61 70 70 76 65 72 3d 34 2e 39 2e 38 26 6d 61 72 6b 3d 30
                                                                                                                                                                              Data Ascii: labelid=6&installstats=1&mac=2E65165C89BF&isolang=en-CH&isinstall=1&langstr=English (United Kingdom)&appver=4.9.8&mark=0
                                                                                                                                                                              2024-10-30 16:52:26 UTC166INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:52:25 GMT
                                                                                                                                                                              Server: Apache/2.4.38 (Debian)
                                                                                                                                                                              Content-Length: 0
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Content-Type: text/html; charset=UTF-8


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                              4192.168.2.449742149.210.194.2534437532C:\Program Files (x86)\PC Privacy Shield\InstAct.exe
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:52:27 UTC173OUTPOST /pcprivshield/pcprivshield_2.php HTTP/1.1
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Host: pps.shieldappsverify.com
                                                                                                                                                                              Content-Length: 40
                                                                                                                                                                              Expect: 100-continue
                                                                                                                                                                              2024-10-30 16:52:27 UTC25INHTTP/1.1 100 Continue
                                                                                                                                                                              2024-10-30 16:52:27 UTC40OUTData Raw: 6c 61 62 65 6c 69 64 3d 36 26 72 65 76 69 76 65 72 3d 26 6d 61 63 3d 32 45 36 35 31 36 35 43 38 39 42 46 26 6b 65 79 3d
                                                                                                                                                                              Data Ascii: labelid=6&reviver=&mac=2E65165C89BF&key=
                                                                                                                                                                              2024-10-30 16:52:27 UTC395INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:52:27 GMT
                                                                                                                                                                              Server: Apache/2.4.38 (Debian)
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Content-Length: 204
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                              {"ipaddress":"173.254.250.78","canceled":"false","softreset":"false","activationdate":null,"expirationdate":null,"countrycode":null,"batch":null,"mark":null,"key":"","duration":null,"numberoflicenses":-1}


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                              5192.168.2.449743149.210.194.2534435812C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:52:28 UTC197OUTPOST /pcprivshield/pcprivshield_2.php HTTP/1.1
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Host: pps.shieldappsverify.com
                                                                                                                                                                              Content-Length: 40
                                                                                                                                                                              Expect: 100-continue
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              2024-10-30 16:52:28 UTC25INHTTP/1.1 100 Continue
                                                                                                                                                                              2024-10-30 16:52:28 UTC40OUTData Raw: 6c 61 62 65 6c 69 64 3d 36 26 72 65 76 69 76 65 72 3d 26 6d 61 63 3d 32 45 36 35 31 36 35 43 38 39 42 46 26 6b 65 79 3d
                                                                                                                                                                              Data Ascii: labelid=6&reviver=&mac=2E65165C89BF&key=
                                                                                                                                                                              2024-10-30 16:52:29 UTC395INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:52:28 GMT
                                                                                                                                                                              Server: Apache/2.4.38 (Debian)
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Content-Length: 204
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                              {"ipaddress":"173.254.250.78","canceled":"false","softreset":"false","activationdate":null,"expirationdate":null,"countrycode":null,"batch":null,"mark":null,"key":"","duration":null,"numberoflicenses":-1}


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                              6192.168.2.4497472.19.244.127443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:52:35 UTC161OUTHEAD /fs/windows/config.json HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept: */*
                                                                                                                                                                              Accept-Encoding: identity
                                                                                                                                                                              User-Agent: Microsoft BITS/7.8
                                                                                                                                                                              Host: fs.microsoft.com
                                                                                                                                                                              2024-10-30 16:52:35 UTC467INHTTP/1.1 200 OK
                                                                                                                                                                              Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                              ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                                                                                                                              Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                                                                                                                              Server: ECAcc (lpl/EF70)
                                                                                                                                                                              X-CID: 11
                                                                                                                                                                              X-Ms-ApiVersion: Distribute 1.2
                                                                                                                                                                              X-Ms-Region: prod-neu-z1
                                                                                                                                                                              Cache-Control: public, max-age=258777
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:52:35 GMT
                                                                                                                                                                              Connection: close
                                                                                                                                                                              X-CID: 2


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                              7192.168.2.4497482.19.244.127443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:52:37 UTC239OUTGET /fs/windows/config.json HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept: */*
                                                                                                                                                                              Accept-Encoding: identity
                                                                                                                                                                              If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                                                                                                                                                                              Range: bytes=0-2147483646
                                                                                                                                                                              User-Agent: Microsoft BITS/7.8
                                                                                                                                                                              Host: fs.microsoft.com
                                                                                                                                                                              2024-10-30 16:52:37 UTC534INHTTP/1.1 200 OK
                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                              Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                                                                                                                              ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                                                                                                                              ApiVersion: Distribute 1.1
                                                                                                                                                                              Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                                                                                                                              X-Azure-Ref: 0WwMRYwAAAABe7whxSEuqSJRuLqzPsqCaTE9OMjFFREdFMTcxNQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y=
                                                                                                                                                                              Cache-Control: public, max-age=25938
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:52:37 GMT
                                                                                                                                                                              Content-Length: 55
                                                                                                                                                                              Connection: close
                                                                                                                                                                              X-CID: 2
                                                                                                                                                                              2024-10-30 16:52:37 UTC55INData Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                                                                                                                                                                              Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                              8192.168.2.44975050.87.253.1104433412C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:52:37 UTC842OUTGET /post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE= HTTP/1.1
                                                                                                                                                                              Host: shieldapps.com
                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                              Upgrade-Insecure-Requests: 1
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Sec-Fetch-Site: none
                                                                                                                                                                              Sec-Fetch-Mode: navigate
                                                                                                                                                                              Sec-Fetch-User: ?1
                                                                                                                                                                              Sec-Fetch-Dest: document
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                              2024-10-30 16:52:37 UTC579INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:52:37 GMT
                                                                                                                                                                              Server: nginx/1.25.5
                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                              X-Pingback: https://shieldapps.com/xmlrpc.php
                                                                                                                                                                              Link: <https://shieldapps.com/wp-json/>; rel="https://api.w.org/", <https://shieldapps.com/wp-json/wp/v2/pages/5772>; rel="alternate"; title="JSON"; type="application/json", <https://shieldapps.com/?p=5772>; rel=shortlink
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                                                                                                                                                                              X-Endurance-Cache-Level: 0
                                                                                                                                                                              X-nginx-cache: WordPress
                                                                                                                                                                              X-Server-Cache: true
                                                                                                                                                                              X-Proxy-Cache: MISS
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              2024-10-30 16:52:37 UTC7613INData Raw: 31 64 38 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 20 70 72 65 66 69 78 3d 22 6f 67 3a 20 68 74 74 70 73 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 69 6e 67 62 61 63 6b 22
                                                                                                                                                                              Data Ascii: 1d80<!DOCTYPE html><html dir="ltr" lang="en-US" prefix="og: https://ogp.me/ns#"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><link rel="pingback"
                                                                                                                                                                              2024-10-30 16:52:37 UTC8156INData Raw: 6f 72 74 61 6e 74 3b 0a 09 09 62 6f 72 64 65 72 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 09 09 68 65 69 67 68 74 3a 20 31 65 6d 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 09 09 77 69 64 74 68 3a 20 31 65 6d 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 09 09 6d 61 72 67 69 6e 3a 20 30 20 30 2e 30 37 65 6d 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 09 09 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 2d 30 2e 31 65 6d 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 09 09 70 61 64 64 69 6e 67 3a 20 30 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 09 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 6c
                                                                                                                                                                              Data Ascii: ortant;border: none !important;box-shadow: none !important;height: 1em !important;width: 1em !important;margin: 0 0.07em !important;vertical-align: -0.1em !important;background: none !important;padding: 0 !important;}</style><l
                                                                                                                                                                              2024-10-30 16:52:37 UTC2INData Raw: 0d 0a
                                                                                                                                                                              Data Ascii:
                                                                                                                                                                              2024-10-30 16:52:37 UTC8192INData Raw: 32 30 30 30 0d 0a 73 2d 76 69 76 69 64 2d 61 6d 62 65 72 2d 74 6f 2d 6c 75 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 2d 67 72 61 64 69 65 6e 74 2d 62 61 63 6b 67 72 6f 75 6e 64 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 75 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 61 6d 62 65 72 2d 74 6f 2d 6c 75 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 6c 75 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 2d 74 6f 2d 76 69 76 69 64 2d 72 65 64 2d 67 72 61 64 69 65 6e 74 2d 62 61 63 6b 67 72 6f 75 6e 64 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67
                                                                                                                                                                              Data Ascii: 2000s-vivid-amber-to-luminous-vivid-orange-gradient-background{background: var(--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange) !important;}.has-luminous-vivid-orange-to-vivid-red-gradient-background{background: var(--wp--preset--g
                                                                                                                                                                              2024-10-30 16:52:37 UTC6INData Raw: 6a 75 73 74 69 66
                                                                                                                                                                              Data Ascii: justif
                                                                                                                                                                              2024-10-30 16:52:37 UTC2INData Raw: 0d 0a
                                                                                                                                                                              Data Ascii:
                                                                                                                                                                              2024-10-30 16:52:37 UTC8192INData Raw: 32 30 30 30 0d 0a 79 2d 63 6f 6e 74 65 6e 74 3a 20 66 6c 65 78 2d 73 74 61 72 74 3b 09 0a 09 7d 0a 7d 0a 0a 40 6d 65 64 69 61 20 28 6d 61 78 2d 77 69 64 74 68 3a 20 35 30 30 70 78 29 20 7b 0a 09 09 09 2e 70 61 67 65 2d 62 61 6e 6e 65 72 20 2e 76 69 64 65 6f 2d 77 72 61 70 70 65 72 20 69 66 72 61 6d 65 20 7b 0a 09 6d 61 78 2d 77 69 64 74 68 3a 20 33 35 30 70 78 3b 0a 7d 0a 09 0a 09 09 2e 70 61 67 65 2d 62 61 6e 6e 65 72 20 2e 76 69 64 65 6f 2d 77 72 61 70 70 65 72 20 7b 0a 09 6d 61 78 2d 77 69 64 74 68 3a 20 33 35 30 70 78 3b 0a 7d 0a 09 0a 09 2e 70 61 67 65 20 2e 70 61 67 65 2d 62 61 6e 6e 65 72 20 2e 63 61 72 6f 75 73 65 6c 2d 62 6f 78 20 7b 6d 61 72 67 69 6e 3a 20 30 20 32 30 70 78 3b 7d 0a 09 2e 70 61 67 65 20 2e 70 61 67 65 2d 62 61 6e 6e 65 72 20 7b
                                                                                                                                                                              Data Ascii: 2000y-content: flex-start;}}@media (max-width: 500px) {.page-banner .video-wrapper iframe {max-width: 350px;}.page-banner .video-wrapper {max-width: 350px;}.page .page-banner .carousel-box {margin: 0 20px;}.page .page-banner {
                                                                                                                                                                              2024-10-30 16:52:37 UTC6INData Raw: 0a 09 09 09 09 3c
                                                                                                                                                                              Data Ascii: <
                                                                                                                                                                              2024-10-30 16:52:37 UTC2INData Raw: 0d 0a
                                                                                                                                                                              Data Ascii:
                                                                                                                                                                              2024-10-30 16:52:37 UTC8192INData Raw: 31 66 66 38 0d 0a 68 31 20 63 6c 61 73 73 3d 22 73 69 6e 67 6c 65 2d 74 69 74 6c 65 22 3e 50 43 20 50 72 69 76 61 63 79 20 53 68 69 65 6c 64 20 73 75 63 63 65 73 73 66 75 6c 20 69 6e 73 74 61 6c 6c 61 74 69 6f 6e 3c 2f 68 31 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 64 69 76 3e 0a 0a 09 3c 64 69 76 20 69 64 3d 22 70 72 69 6d 61 72 79 22 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 2d 61 72 65 61 22 3e 0a 09 09 3c 6d 61 69 6e 20 69 64 3d 22 6d 61 69 6e 22 20 63 6c 61 73 73 3d 22 73 69 74 65 2d 6d 61 69 6e 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 0a 0a 09 09 09 3c 21 2d 2d 20 73 68 69 65 6c 64 2d 73 65 63 74 69 6f 6e 20 73 74 61 72 74 20 2d 2d 3e 0a 09 09 09 09 09 09 3c 73 65 63 74 69 6f 6e 20 63 6c 61 73 73 3d
                                                                                                                                                                              Data Ascii: 1ff8h1 class="single-title">PC Privacy Shield successful installation</h1></div></div></div><div id="primary" class="content-area"><main id="main" class="site-main" role="main">... shield-section start --><section class=


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                              9192.168.2.44975150.87.253.1104433412C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:52:38 UTC770OUTGET /wp-includes/css/dist/block-library/style.min.css?ver=6.6.2 HTTP/1.1
                                                                                                                                                                              Host: shieldapps.com
                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                              Accept: text/css,*/*;q=0.1
                                                                                                                                                                              Sec-Fetch-Site: same-origin
                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                              Sec-Fetch-Dest: style
                                                                                                                                                                              Referer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                              2024-10-30 16:52:38 UTC346INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:52:38 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Upgrade: h2,h2c
                                                                                                                                                                              Connection: Upgrade
                                                                                                                                                                              Last-Modified: Tue, 10 Sep 2024 21:55:47 GMT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              Content-Length: 112427
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                                                                                                                                                                              X-Endurance-Cache-Level: 0
                                                                                                                                                                              X-nginx-cache: WordPress
                                                                                                                                                                              Content-Type: text/css
                                                                                                                                                                              2024-10-30 16:52:38 UTC7846INData Raw: 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 2e 77 70 2d 62 6c 6f 63 6b 2d 61 72 63 68 69 76 65 73 7b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 61 72 63 68 69 76 65 73 2d 64 72 6f 70 64 6f 77 6e 20 6c 61 62 65 6c 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 61 76 61 74 61 72 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 30 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 61 76 61 74 61 72 2c 2e 77 70 2d 62 6c 6f 63 6b 2d 61 76 61 74 61 72 20 69 6d 67 7b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 61 76 61 74 61 72 2e 61 6c 69 67 6e 63 65 6e 74 65 72 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 61
                                                                                                                                                                              Data Ascii: @charset "UTF-8";.wp-block-archives{box-sizing:border-box}.wp-block-archives-dropdown label{display:block}.wp-block-avatar{line-height:0}.wp-block-avatar,.wp-block-avatar img{box-sizing:border-box}.wp-block-avatar.aligncenter{text-align:center}.wp-block-a
                                                                                                                                                                              2024-10-30 16:52:38 UTC8000INData Raw: 6f 6d 3a 2e 32 35 65 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 63 6f 6d 6d 65 6e 74 73 20 2e 63 6f 6d 6d 65 6e 74 2d 66 6f 72 6d 20 69 6e 70 75 74 3a 6e 6f 74 28 5b 74 79 70 65 3d 73 75 62 6d 69 74 5d 29 3a 6e 6f 74 28 5b 74 79 70 65 3d 63 68 65 63 6b 62 6f 78 5d 29 2c 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 63 6f 6d 6d 65 6e 74 73 20 2e 63 6f 6d 6d 65 6e 74 2d 66 6f 72 6d 20 74 65 78 74 61 72 65 61 7b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 77 69 64 74 68 3a 31 30 30 25 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 63 6f 6d 6d 65 6e 74 73 20 2e 63 6f 6d 6d 65 6e 74 2d 66 6f 72 6d 2d 63 6f 6f 6b 69 65 73 2d 63 6f 6e 73 65 6e 74 7b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 67
                                                                                                                                                                              Data Ascii: om:.25em}.wp-block-post-comments .comment-form input:not([type=submit]):not([type=checkbox]),.wp-block-post-comments .comment-form textarea{box-sizing:border-box;display:block;width:100%}.wp-block-post-comments .comment-form-cookies-consent{display:flex;g
                                                                                                                                                                              2024-10-30 16:52:38 UTC8000INData Raw: 67 72 6f 75 6e 64 2d 64 69 6d 2d 38 30 20 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 76 65 72 5f 5f 62 61 63 6b 67 72 6f 75 6e 64 2c 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 76 65 72 2e 68 61 73 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 64 69 6d 2e 68 61 73 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 64 69 6d 2d 38 30 20 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 76 65 72 5f 5f 67 72 61 64 69 65 6e 74 2d 62 61 63 6b 67 72 6f 75 6e 64 2c 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 76 65 72 2e 68 61 73 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 64 69 6d 2e 68 61 73 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 64 69 6d 2d 38 30 3a 6e 6f 74 28 2e 68 61 73 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 67 72 61 64 69 65 6e 74 29 3a 62 65 66 6f 72 65 7b 6f 70 61 63 69 74 79 3a 2e 38 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 76 65
                                                                                                                                                                              Data Ascii: ground-dim-80 .wp-block-cover__background,.wp-block-cover.has-background-dim.has-background-dim-80 .wp-block-cover__gradient-background,.wp-block-cover.has-background-dim.has-background-dim-80:not(.has-background-gradient):before{opacity:.8}.wp-block-cove
                                                                                                                                                                              2024-10-30 16:52:38 UTC8000INData Raw: 5f 69 6e 6e 65 72 2d 63 6f 6e 74 61 69 6e 65 72 2c 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 76 65 72 2d 69 6d 61 67 65 2e 68 61 73 2d 63 75 73 74 6f 6d 2d 63 6f 6e 74 65 6e 74 2d 70 6f 73 69 74 69 6f 6e 2e 68 61 73 2d 63 75 73 74 6f 6d 2d 63 6f 6e 74 65 6e 74 2d 70 6f 73 69 74 69 6f 6e 2e 69 73 2d 70 6f 73 69 74 69 6f 6e 2d 74 6f 70 2d 6c 65 66 74 20 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 76 65 72 5f 5f 69 6e 6e 65 72 2d 63 6f 6e 74 61 69 6e 65 72 2c 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 76 65 72 2d 69 6d 61 67 65 2e 68 61 73 2d 63 75 73 74 6f 6d 2d 63 6f 6e 74 65 6e 74 2d 70 6f 73 69 74 69 6f 6e 2e 68 61 73 2d 63 75 73 74 6f 6d 2d 63 6f 6e 74 65 6e 74 2d 70 6f 73 69 74 69 6f 6e 2e 69 73 2d 70 6f 73 69 74 69 6f 6e 2d 74 6f 70 2d 72 69 67 68 74 20 2e 77 70 2d 62 6c
                                                                                                                                                                              Data Ascii: _inner-container,.wp-block-cover-image.has-custom-content-position.has-custom-content-position.is-position-top-left .wp-block-cover__inner-container,.wp-block-cover-image.has-custom-content-position.has-custom-content-position.is-position-top-right .wp-bl
                                                                                                                                                                              2024-10-30 16:52:38 UTC8000INData Raw: 73 74 2d 73 74 79 6c 65 2d 74 79 70 65 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 67 72 69 64 3a 6e 6f 74 28 2e 68 61 73 2d 6e 65 73 74 65 64 2d 69 6d 61 67 65 73 29 20 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 69 6d 61 67 65 2c 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 67 72 69 64 3a 6e 6f 74 28 2e 68 61 73 2d 6e 65 73 74 65 64 2d 69 6d 61 67 65 73 29 20 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 69 74 65 6d 2c 2e 77 70 2d 62 6c 6f 63 6b 2d 67 61 6c 6c 65 72 79 3a 6e 6f 74 28 2e 68 61 73 2d 6e 65 73 74 65 64 2d 69 6d 61 67 65 73 29 20 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 69 6d 61 67 65 2c 2e 77 70 2d 62 6c 6f 63 6b 2d 67 61 6c 6c 65 72 79 3a 6e 6f
                                                                                                                                                                              Data Ascii: st-style-type:none;margin:0;padding:0}.blocks-gallery-grid:not(.has-nested-images) .blocks-gallery-image,.blocks-gallery-grid:not(.has-nested-images) .blocks-gallery-item,.wp-block-gallery:not(.has-nested-images) .blocks-gallery-image,.wp-block-gallery:no
                                                                                                                                                                              2024-10-30 16:52:39 UTC8000INData Raw: 6b 73 2d 67 61 6c 6c 65 72 79 2d 69 6d 61 67 65 3a 6e 74 68 2d 6f 66 2d 74 79 70 65 28 36 6e 29 2c 2e 77 70 2d 62 6c 6f 63 6b 2d 67 61 6c 6c 65 72 79 3a 6e 6f 74 28 2e 68 61 73 2d 6e 65 73 74 65 64 2d 69 6d 61 67 65 73 29 2e 63 6f 6c 75 6d 6e 73 2d 36 20 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 69 74 65 6d 3a 6e 74 68 2d 6f 66 2d 74 79 70 65 28 36 6e 29 2c 2e 77 70 2d 62 6c 6f 63 6b 2d 67 61 6c 6c 65 72 79 3a 6e 6f 74 28 2e 68 61 73 2d 6e 65 73 74 65 64 2d 69 6d 61 67 65 73 29 2e 63 6f 6c 75 6d 6e 73 2d 37 20 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 69 6d 61 67 65 3a 6e 74 68 2d 6f 66 2d 74 79 70 65 28 37 6e 29 2c 2e 77 70 2d 62 6c 6f 63 6b 2d 67 61 6c 6c 65 72 79 3a 6e 6f 74 28 2e 68 61 73 2d 6e 65 73 74 65 64 2d 69 6d 61 67 65 73 29 2e 63
                                                                                                                                                                              Data Ascii: ks-gallery-image:nth-of-type(6n),.wp-block-gallery:not(.has-nested-images).columns-6 .blocks-gallery-item:nth-of-type(6n),.wp-block-gallery:not(.has-nested-images).columns-7 .blocks-gallery-image:nth-of-type(7n),.wp-block-gallery:not(.has-nested-images).c
                                                                                                                                                                              2024-10-30 16:52:39 UTC8000INData Raw: 2a 3d 76 65 72 74 69 63 61 6c 2d 72 6c 5d 29 2c 68 35 2e 68 61 73 2d 74 65 78 74 2d 61 6c 69 67 6e 2d 6c 65 66 74 5b 73 74 79 6c 65 2a 3d 77 72 69 74 69 6e 67 2d 6d 6f 64 65 5d 3a 77 68 65 72 65 28 5b 73 74 79 6c 65 2a 3d 76 65 72 74 69 63 61 6c 2d 6c 72 5d 29 2c 68 35 2e 68 61 73 2d 74 65 78 74 2d 61 6c 69 67 6e 2d 72 69 67 68 74 5b 73 74 79 6c 65 2a 3d 77 72 69 74 69 6e 67 2d 6d 6f 64 65 5d 3a 77 68 65 72 65 28 5b 73 74 79 6c 65 2a 3d 76 65 72 74 69 63 61 6c 2d 72 6c 5d 29 2c 68 36 2e 68 61 73 2d 74 65 78 74 2d 61 6c 69 67 6e 2d 6c 65 66 74 5b 73 74 79 6c 65 2a 3d 77 72 69 74 69 6e 67 2d 6d 6f 64 65 5d 3a 77 68 65 72 65 28 5b 73 74 79 6c 65 2a 3d 76 65 72 74 69 63 61 6c 2d 6c 72 5d 29 2c 68 36 2e 68 61 73 2d 74 65 78 74 2d 61 6c 69 67 6e 2d 72 69 67 68
                                                                                                                                                                              Data Ascii: *=vertical-rl]),h5.has-text-align-left[style*=writing-mode]:where([style*=vertical-lr]),h5.has-text-align-right[style*=writing-mode]:where([style*=vertical-rl]),h6.has-text-align-left[style*=writing-mode]:where([style*=vertical-lr]),h6.has-text-align-righ
                                                                                                                                                                              2024-10-30 16:52:39 UTC8000INData Raw: 74 73 7b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 6c 61 74 65 73 74 2d 70 6f 73 74 73 2e 61 6c 69 67 6e 6c 65 66 74 7b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 32 65 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 6c 61 74 65 73 74 2d 70 6f 73 74 73 2e 61 6c 69 67 6e 72 69 67 68 74 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 32 65 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 6c 61 74 65 73 74 2d 70 6f 73 74 73 2e 77 70 2d 62 6c 6f 63 6b 2d 6c 61 74 65 73 74 2d 70 6f 73 74 73 5f 5f 6c 69 73 74 7b 6c 69 73 74 2d 73 74 79 6c 65 3a 6e 6f 6e 65 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 6c 61 74 65 73 74 2d 70 6f 73 74 73 2e 77 70 2d 62 6c 6f 63 6b 2d 6c 61 74 65 73 74 2d 70 6f 73 74 73 5f 5f 6c 69 73 74 20 6c 69 7b 63 6c 65 61 72 3a 62 6f 74
                                                                                                                                                                              Data Ascii: ts{box-sizing:border-box}.wp-block-latest-posts.alignleft{margin-right:2em}.wp-block-latest-posts.alignright{margin-left:2em}.wp-block-latest-posts.wp-block-latest-posts__list{list-style:none}.wp-block-latest-posts.wp-block-latest-posts__list li{clear:bot
                                                                                                                                                                              2024-10-30 16:52:39 UTC8000INData Raw: 6d 65 6e 75 2d 63 6f 6e 74 61 69 6e 65 72 20 2e 77 70 2d 62 6c 6f 63 6b 2d 6e 61 76 69 67 61 74 69 6f 6e 5f 5f 73 75 62 6d 65 6e 75 2d 69 63 6f 6e 7b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 2e 32 35 65 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 6e 61 76 69 67 61 74 69 6f 6e 20 2e 68 61 73 2d 63 68 69 6c 64 20 2e 77 70 2d 62 6c 6f 63 6b 2d 6e 61 76 69 67 61 74 69 6f 6e 5f 5f 73 75 62 6d 65 6e 75 2d 63 6f 6e 74 61 69 6e 65 72 20 2e 77 70 2d 62 6c 6f 63 6b 2d 6e 61 76 69 67 61 74 69 6f 6e 5f 5f 73 75 62 6d 65 6e 75 2d 69 63 6f 6e 20 73 76 67 7b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 2d 39 30 64 65 67 29 7d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 6e 61 76 69 67 61 74 69 6f 6e 20 2e 68 61 73 2d 63 68 69 6c 64 20 2e 77 70 2d 62 6c 6f 63 6b 2d 6e 61 76 69 67 61 74
                                                                                                                                                                              Data Ascii: menu-container .wp-block-navigation__submenu-icon{margin-right:.25em}.wp-block-navigation .has-child .wp-block-navigation__submenu-container .wp-block-navigation__submenu-icon svg{transform:rotate(-90deg)}}.wp-block-navigation .has-child .wp-block-navigat
                                                                                                                                                                              2024-10-30 16:52:39 UTC8000INData Raw: 3a 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 6e 61 76 69 67 61 74 69 6f 6e 5f 5f 72 65 73 70 6f 6e 73 69 76 65 2d 63 6f 6e 74 61 69 6e 65 72 2e 69 73 2d 6d 65 6e 75 2d 6f 70 65 6e 20 2e 77 70 2d 62 6c 6f 63 6b 2d 6e 61 76 69 67 61 74 69 6f 6e 5f 5f 72 65 73 70 6f 6e 73 69 76 65 2d 63 6f 6e 74 61 69 6e 65 72 2d 63 6f 6e 74 65 6e 74 20 2e 77 70 2d 62 6c 6f 63 6b 2d 6e 61 76 69 67 61 74 69 6f 6e 5f 5f 63 6f 6e 74 61 69 6e 65 72 2c 2e 77 70 2d 62 6c 6f 63 6b 2d 6e 61 76 69 67 61 74 69 6f 6e 5f 5f 72 65 73 70 6f 6e 73 69 76 65 2d 63 6f 6e 74 61 69 6e 65 72 2e 69 73 2d 6d 65 6e 75 2d 6f 70 65 6e 20 2e 77 70 2d 62 6c 6f 63 6b 2d 6e 61 76 69 67 61 74 69 6f 6e 5f 5f 72 65 73 70 6f 6e 73 69 76 65 2d 63 6f 6e 74 61 69 6e 65 72 2d 63 6f 6e 74 65 6e 74 20 2e 77 70
                                                                                                                                                                              Data Ascii: :auto}.wp-block-navigation__responsive-container.is-menu-open .wp-block-navigation__responsive-container-content .wp-block-navigation__container,.wp-block-navigation__responsive-container.is-menu-open .wp-block-navigation__responsive-container-content .wp
                                                                                                                                                                              2024-10-30 16:52:39 UTC778OUTGET /wp-content/plugins/formcraft3/dist/formcraft-common.css?ver=3.8.24 HTTP/1.1
                                                                                                                                                                              Host: shieldapps.com
                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                              Accept: text/css,*/*;q=0.1
                                                                                                                                                                              Sec-Fetch-Site: same-origin
                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                              Sec-Fetch-Dest: style
                                                                                                                                                                              Referer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                              2024-10-30 16:52:39 UTC8192INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:52:39 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Last-Modified: Tue, 03 Nov 2020 18:33:29 GMT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Content-Encoding: gzip
                                                                                                                                                                              host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                                                                                                                                                                              X-Endurance-Cache-Level: 0
                                                                                                                                                                              X-nginx-cache: WordPress
                                                                                                                                                                              Content-Length: 8079
                                                                                                                                                                              Content-Type: text/css
                                                                                                                                                                              rs6_aeQ2=dIoMMH,$HI>ljq9'*sM
                                                                                                                                                                              \K.6,H
                                                                                                                                                                              _4'"x"B`XB3"`8r\
                                                                                                                                                                              .YXu]&8<GT0Cr{44@-Yn{+=DDRb?*S:5;zRr/'fk+y4CrK\Q0b[Ha-x6b9s3nowwlUhR32a^
                                                                                                                                                                              1^UE7`GWIF+o*=F,"#H"OTmdL\ LEZ3ZJWEQN.}Q,]fh4A(F(C|?{M(IFsx_d/Hb/nA\Isvv%?eeZ\FTBife+WP(rh/_:o*p"Vvq54P$D0^gJ%xiqF%da|ZD\b1:mb=0pXpj0FNW<KozL'3eOV&4k}m
                                                                                                                                                                              lN{A%G#cA&Ktz~`puY{
                                                                                                                                                                              Rs>mi=AJ0,P,1QgtHJT0B;^.Bf`CYQbuz9!d[OI5;VnWzYw)5Y:>
                                                                                                                                                                              Fl)_r9StHno%a&
                                                                                                                                                                              B-p)8s_wN1#<F-AVFiljO<JQrXf_2#h*Ux/L7QbN2fdF(iC(uE7r%T@4oFqyph]o$'kxf_0qwlWEQ;{s\FUXe8~Bjl{818R1GjVX",YcC'W;dgCau|N9(;5Cg$P+]07f-da'$kZ,$Sk=7]J(_t2A3&7Y1d<[~\H_*9rv?[j6q/D3.aAj.VinSsm#{RIU-BiMt%Zx#(lY'(#Uz87YE_vBZ.yC[jFqi,CScizsezPA/I#7..H39WHZ\Rb?Z@a?\}{MA=[|Wopw,-f?$?}y#kzNj}??"owkwsDd_|}a|mwoow8_M<7%`l*w{p78}wSUk~-~7I>oC|~o7?M?&|sq3o{_3jo)~nv\[nWq}7|f|c'?}nqW\v0In_ [TRUNCATED]
                                                                                                                                                                              }|qukPwu^}Fr~uOd~|"]/_@v}od?,om=x~l.>D?}OGSWiFRVPO76aQ[$_7q4fu`U$\Dh&P5)ljYk8CX5!tgg69u4e:4v%'YJ,1b]3rN&,:'OHq,<Y^R TEoN
                                                                                                                                                                              3PbN|9!p;nC@'3s4o JiYa.,v4pN2OZ`ELQ?_R:Dcj&;B =[fa}kN8
                                                                                                                                                                              %mhjl2/YB3.kg\pDWfyCMt%Q"JbSe:!C/sC*XanUOV8Fp;[[U.IBYyr'FqzCa&T~gdLon>Pn'/~,_-0K>4CK<{grz{U0"pd\QFc4qsl/+iknzO(DonKD6,"^A41VEqw;`0foY1^V78~/x+G!_\Y0EJ`IuN'JdyifZUcG;ili=+Ho%+IGF9GeVnP5!<bx&?jBykg2[Yuj]_z0J=8Jfe,z;QUk]&F_E09lU(iCwHn=[y)>"**blcFU:azP8.+}YNJNpa+%ZR?jH
                                                                                                                                                                              ^j^5pk%DGi!>M[sO#U 5,N{1STw@;`9!v'6* ;_)fAg'g2l:5~;/rlBM(oLv&[OTd~rt.LV Q,4qBeZUx,SYi
                                                                                                                                                                              wV`e*b`Tpt;>B+U{F%/_+JKS[b|>9b@5'$}V'_J:{/+cq6`jN~U8HrI<E)T5Yx(mJ,P!Y65,{M&\fH/%v E-MCruM}#MEZ`/JG]fb4QF(C<v8: "ZzZD&2t1z^egaVF#b,c]7;x`XoO'DFvc[,4i^)2+CJUKoLnP{@\6V8FgSsz`4auzV)Z/cj8<Gc%Mq(<aRf(-"sZKxmg\p(cp.WoP){MzB:g+pk4D4_T0qoj"Kwj(r=@+,nz-ab0u]||u:`"zNO6B47wSx*9"p)A,rsP@-WBij3AJsT4H3MEZlE]fh4A(\P0v/=w3x\AMP<~n k%+2hX!XLZ|qn]L2DkY~`Hig0$LG7wm!mWR NX%yUo6=qrjG{}e76Xm<9ynoiI~7LEWf'Pr_xh [TRUNCATED]
                                                                                                                                                                              5x5/f`=Jk0,8^B(m_?l{1ww6LCrOSb,gN?%YlmVi\Jr\
                                                                                                                                                                              .YQ4P*f)ryPYBy5lqDEkdGNCY%/F(vaF4Jr%Wymk(K;=9}qL=8ay2nqL8#p!O1lQpv#0'$?P)7$y_>#&yv3yZhF^=N&S"mvyRnOngs=kh-v;a}kN'n2/4Mn\d\0*KeX3A,ggaaDGPX[!ND6W\ew]CE$NPaI
                                                                                                                                                                              kg\niXP~R`ijZx6B\2iEb<e`iMtehUp`,<7gI6;LS!vR,mq\:'Jq4;/
                                                                                                                                                                              fy8q|9Ykt~8AqZ,H~WjJyeh*BK%5
                                                                                                                                                                              29^QB3J7hXE$2#h(_PZw/c4to'LtlYIC3/7X7854-&{&&aVVMDI3]X50+y4CDfJ3>"nQlYNgKJ6.Be`pcqZRM#aP9z=0&.f4_V]r]7tJww4p#~&.E(vQpGR}@_Qi7OkN~wZ>#Yn@BwxYY<AC*UES}X]:&4D3GIe7y<[;o:'7Z!8gGsV.b@&uinDaAaO~v&G"NBH*BKB3
                                                                                                                                                                              >ZXNIwLvCSx0iJ)7 +<YeH=6eJb%Z;-~Qpqh=:+,n6!(xH2@j4M|Ha76J!Q>}HYh(!u^t tgnVd;$x)S+r7&B8L]B)%YM_C=.hiod0Z"x)qeD:T>L?L(v+?uc;!V[J`O.+h4p&T~wr=XE^$6"lLUQ_QiOl31]p4NQou
                                                                                                                                                                              kLp?9n]DhxmjByk!<.Xveh*B3Oq>%x{TVp0:]jtw_qJ.]pj+#zW5ZZ+lrHeJ/LVp;JPLB.)[7K=]gt6ye(W#UM$wi3(eMmvCA([I VTDh>
                                                                                                                                                                              |P%f9r%[IW/n^~~!=/[$a$C'R9ge
                                                                                                                                                                              VaXLLajQcoxy@s/3:i(yMkhe!r^SVp;{,uQ.'iOC~qOv!G3z/qTOuyGN~Y3|dr"T.cZ,8Uwl\8F2}lseeJbgiFRVRHJWEQP[sUEItcF4G(CxPQ|\='x{!OUkpOjvd+^7J["mjUQqg=&d~I5=DcDr:e'23;-t}u3)e;QpaD4__.--btX4[f"- p<C[Ifh-{{Ui0bS{'xX{{s8^QJ|]0o;MMM(o6\P]oMt%4b"sP6?q=dw0zX*O!%K6pn#:n s`IX<]pj+|$vZUV}`-iGx|k\3
                                                                                                                                                                              2024-10-30 16:52:40 UTC757OUTGET /wp-content/themes/shield-apps2/js/TweenMax.min.js?ver=6.6.2 HTTP/1.1
                                                                                                                                                                              Host: shieldapps.com
                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                              Accept: */*
                                                                                                                                                                              Sec-Fetch-Site: same-origin
                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                              Sec-Fetch-Dest: script
                                                                                                                                                                              Referer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                              2024-10-30 16:52:40 UTC8192INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:52:40 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Last-Modified: Thu, 15 Aug 2019 07:49:20 GMT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Content-Encoding: gzip
                                                                                                                                                                              host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                                                                                                                                                                              X-Endurance-Cache-Level: 0
                                                                                                                                                                              X-nginx-cache: WordPress
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Content-Type: application/javascript
                                                                                                                                                                              1faa
                                                                                                                                                                              6%Fw
                                                                                                                                                                              "1r-)W3gs*g[()
                                                                                                                                                                              `2eQ]D)}/bN
                                                                                                                                                                              ?=Go|8!Lzo??}?54*j[dZz+Iu>$Mo;~wwy>RfwZ|?{!BITS))nwk^#B{w^>4;Fzk=<9wk,4#hC}[Vkqpnp7mFQW(=/^sO/EB|2Puy>&)*J_K(^|AHTfJ!(EcHmtk{a/ URl=Zu#FO4R'u5F9$j,NIDa8-'TD<CQw>esbLgpIUurLh?jB+MH%hSD<7T1s9ViZ=}p.DG;2q4C4GJt'=e1U4?X};A5
                                                                                                                                                                              GusdT!7|~/'$D44\d"n gg#/Df%3hbL`GOCUPAX?w\HOAx^K^oL:17:j"m(z5oT3G$!JjGNY$bRXYUI1 QT_$DP@nwjN[.7bp~iKVB{0hdeUq[zY4?K'X5Y:^McrkE7l|G]Q,0Rtoz6c>-%<[jk
                                                                                                                                                                              OUKr5mrsmtIKUIh-jsxh7Jt:)4k">]NxNj^b+ 3\2(AyfGdwwdJq25|E*\HxiG<C<+k>d,SBbBC1tWU;<KCXpwSW:-ANe)nVw3;Yok -SsaJ!S{bVNu/;q]|lQhozi4tIAHONIpt6o/3cu&z!>Q/`ot.h'4#E_:9rBp7r|t'_t.xE>pM|}9o&~L:ugGeGqA.'leo}*2nu-G~
                                                                                                                                                                              5y;%^Up99`|oo!Z+{hqmGq:%]c^MD;;q,xx&*JZ76-/Rrb=}?Ff-%_X`OWJg-xjeoH,xi kX]}ScB->9h$w%q1E}1kntv4<*DWUYnw<+>KoWC&/~6&LTBTUT,B7g*2d>OEK*2n7*iKO:mNn_kWv|f5j[s2a.$D#lmDa~$!czmn~;9A;;8'sL**%TYZ$<\JrEK5"z:3S2~14 }m5$jNL0?qkr8AIz+Z-(|Arrwj[E(}h|N^[7\wsZcR:TU\}jR.%)?3P~FhQrm718YM6PC%)I$E[cc E't7bz-Qc]Go1j(5^;j#Wu/EtBO;d+Nhj+&@r5vLX[*vb
                                                                                                                                                                              f"'-I|{
                                                                                                                                                                              EyxB;
                                                                                                                                                                              1i<^y5/(
                                                                                                                                                                              C%r%LLAzbfz8DOB@7B*r{f42ZJxI#MOmx!bJ\H9[Mj'}yda&`b,mebNuI>UgZpYUKTU(,0cx&:`}0YYBk.fyy_j"CK1,Dn#bS%-iJW+^Oe`f`F}v&RDXRUPd@}O%&0hW v^.\DKzfo2*i?<!"s;q*/FLeRnP:*^<VxO0g3A3zh<t"WgrOgj6MqDoRD-:6/LC9~LsSn?8$sXSyPAZ)Rr!'5!,Hzv-o5ymN'@OGjFC5;,jMu(9xd';i(=qaj[Cn6T;mk^2]0_Iu!uM:b}{0Nybh.\/nonl8/;;|9nGTgq
                                                                                                                                                                              :bkG`!O7uGe8a{Wf]H\TVBB8wx^X<H[h@9}xfA)PA;{7tn[rac}Uavn#L^}dfD(S\4JSST?cR:4=!{fA7 hgLDDBf*1/;y5AM#6]ex.5hj118})-yn(gsu+&#ap(ViZ=es%/h^)Z[]hCkL8,s4GZ04O]$cmp)sgR\m5g?iPU`=@+xq|'q"V!VkptxFny!H=.W"C7sYw|gwU/j;@"xkQ*$4|u\Yd1b>txskeq}L"45h
                                                                                                                                                                              $<}5S`TIcu|?</eX)V]zPxgk( U%Z0,`?rphIMS3Cop|xzoa[A_OgtY.i2Awj[`a|k&9dIV)yyE#6
                                                                                                                                                                              Pp9U-<gtaUYB-U6OA6dU4SZB|a1%LhogIs#O?ReV:YFDbLpAfYg/TD_#O\gcZ
                                                                                                                                                                              k;tscNk^W;sya" {a~kD~AW-0bYp4Z~GCCc%grEv;wi #VSO A,G$GtRrF>62[<CB_FQzy6h5\HHVJn!WDUU;'Owv>tUVBHg\k0=!LAzXN|E{4,#xQe&FO39ux;4+Z$b>J"#sh/B.J5lMG?g*9tD vCK'i!)rA^zOL#,9p^+hk8@,giay}{.mZ|&XW'u
                                                                                                                                                                              LZ"n D`B
                                                                                                                                                                              rMFR(Uzw.$$=a{|ZHO={5(H4By:8Z!IR@S|e+d?kvR8|ZU#=$S Y:lwg;Vl/hy2Y|11+HHV@2AP6{!NsjU^`qnHLGmX`)dc+<@-5E1KI^ 94&6Y);mZEYvkoVbdee7G]]sxQ"`PU;Us,cq.g:9ew4W@#2wY1-<8WN\^'(@7E%FvzUN`}w+>]'sC/DBCkX.SPtLy5Ip\`pYVk*L&dt(rkIF#9rq5#AX-:}0cA #sUvX`#Y'Lb,VU|+,H!5 DBf#BGcB^tUPL*g(<SIBn~kC9a08&7<chG\91!gS:&Wp6m{lk>j)CWV,vf'coV^~32o`*G;%3^1(He`P@Ig*ecLhzopiSf-j.rm<<e-j$SJZ_4uoMmDbB@7?wV} [TRUNCATED]
                                                                                                                                                                              oU9okjY9wzH=^0ycDDBk=^n{&_N%Pwc
                                                                                                                                                                              6mf(./5_|8>HR:4 1{\[W!8&65Z0q6xmqjJTy8wXEVkKm2Ok==-&R4Yg#O?AqSz$!ag<xY)]]41yhIX"SM3
                                                                                                                                                                              T/:po^w(/1N/nJm<Qrm72l}T"T,NrZKFWUqS1ni}"J{+V}3$a0S@?q[Wk\Mk3W5GE7w^W?JAXB+F6!
                                                                                                                                                                              ;'$#SP^7u5R~`h)XmW<#4U5/iI6_PG=jRs5.'Q{
                                                                                                                                                                              1J6fZ:q5zl|x]d.qT>]tPL$t4NHhzjZUp#?>{i[MC
                                                                                                                                                                              vT%7\;khq&P[|608e]l3NOA/rGMEM@^!lFhD.r'\PxTx^><rf>k 6\
                                                                                                                                                                              .a7@5"-gv1m[k:6Ny,Hx(0+tFt]HO;;y:!t
                                                                                                                                                                              !nfrAUVxemchN LB:r[at`gs@vvo)
                                                                                                                                                                              ~<CNS}"^[\yE1"+5w/lTz5qa->8=
                                                                                                                                                                              [[;L-r?ugu_<X
                                                                                                                                                                              +5JU_hLGBT'uLe(mmDiX5lyrFB&uh<^.\HV)8_[2hp{nld0:.FFg*.rAbj*L K.7+xd+s/Q7uV8{ji=&+\MDBDszxQ-GN0M;ObLMB+/~8j|Z.@Lup"FtYIpGu!Sv!O+7mB2r.24}$i6BBV%Zd?OO97Bo8'S1e.tk4P5Xb:PUE{ES}mSLhj68)'-y`2{~&'BY91EFsf>)'QL<$?AX0S\?o_$wyy#O?A5T_!D&>Zi%V%qB0X@nR:tk?b=5LD9-.b?#hd428!bnX@`P
                                                                                                                                                                              2024-10-30 16:52:40 UTC811OUTGET /wp-content/uploads/2015/04/box-pc-privacy-shield1.png HTTP/1.1
                                                                                                                                                                              Host: shieldapps.com
                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                              Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                              Sec-Fetch-Site: same-origin
                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                              Sec-Fetch-Dest: image
                                                                                                                                                                              Referer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                              2024-10-30 16:52:41 UTC8192INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:52:40 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Last-Modified: Tue, 23 Feb 2021 06:36:05 GMT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              Content-Length: 186476
                                                                                                                                                                              host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                                                                                                                                                                              X-Endurance-Cache-Level: 0
                                                                                                                                                                              X-nginx-cache: WordPress
                                                                                                                                                                              Content-Type: image/png
                                                                                                                                                                              PNG
                                                                                                                                                                              IHDR|jh|pHYs.#.#x?v
                                                                                                                                                                              OiCCPPhotoshop ICC profilexSgTS=BKKoR RB&*!J!QEEQ,
                                                                                                                                                                              !{k>H3Q5B.@
                                                                                                                                                                              $pd!s#~<<+"xM0B\t8K@zB@F&S`cbP-`'{[! eDh;VEX0fK9-0IWfH0Q){`##xFW<+*x<$9E[-qWW.(I+6aa@.y24x6_-"bbp@t~,/;m%h^uf@Wp~<<EJB[aW}g_Wl~<$2]GLbG"IbX*QqD2"B)%d,>5j>{-]cK'Xto(hw?G%fIq^D$.T?D*A,`6B$BB
                                                                                                                                                                              dr`)B(*`/@4Qhp.U=pa(Aa!bX#!H$ Q"K5H1RT UH=r9\F;2G1Q=C7Fdt1r=6h>C03l0.B8,c"VcwE6wB aAHXLXNH $47Q'"K&b21XH,#/{C7$C2'ITFnR#,4H#dk9, +3![
                                                                                                                                                                              b@qS(RjJ4e2AURT5ZBRQ4u9IKhhitNWGwg(gwLT071oUX**|
                                                                                                                                                                              J&*/TUUT^S}FU3SUPSSg;goT?~YYLOCQ_ cx,!ku5&|v*=9C3J3WRf?qtN(~))4L1e\kXHQG6EYAJ'\'GgSS
                                                                                                                                                                              M=:.kDwn^Loy}/TmGX$<5qo</QC]@Caa<FFi\$mm&&!&KMMRM);L;L5=12`ZxZ,eIZYnZ9YXUZ]F%NNgm}agbg}}=Z~sr:V:?}/gX3)iSGggsK.>.Jtq]z6i4)Y3sCQ?0k~OCOg#/c/Wwa>>r><72Y_7Oo_C#dz%gA[z|!?:eAAA!h!iP~aa~'W?pX15wCsDDDg1O9-J5*>.j<74?.fYXXIlK9.*6nl{/]py.,:@LN8A*%w%
                                                                                                                                                                              yg"/6C\*NH*Mz5y$3,'LL:v m2=:1qB!Mggfven/kY-
                                                                                                                                                                              BTZ(*geWf9+7KW-Xj9<qy
                                                                                                                                                                              +V<*mOW~&zMk^kU
                                                                                                                                                                              }]OX/Ya>(xodff-[nVE/(C<e;?TTTT6an{4[>UUMfeI?m]Nmq#=TR+Gw-6U#pDy:v{vg/jBFS[b[O>zG4<YyJTig}~.`{cjotE;;\tWW:_mt<O\kz{f7y9=zo~r'w'O_@AC?[jwGC8>99?rCd&/~m|x31^VwwO| (hSc3- cHRMz%u0`:o_FIDATxw\Usn}7B&*E tPDH 7w-&B~3;3>}B)Fh4@h4FFh4FFh4FFh4FFh4FFh4FFh4FFh4FFh4FFh4FFh4FFh4FFh4FFh4FFh4@z^!DD1P1
                                                                                                                                                                              :S8N8D=-!SljI:l:$Z*TXiH}U/F"hI)G0KRCHss3---477L2s6f8Jc0FH#EKPbM-h4-fRI)K)wB8ntzdccz:imm%NL&q\CE%48m\cpBR.faKNWk$VDk")F"h!b`d2{SSjjH$dY\E`Y&q

                                                                                                                                                                              pH,
                                                                                                                                                                              S(BRb_PcEREq,#&Mk4AF_HJiH*bk)//2#0E(SXXH(&gefAdh*<C(Fx9@Fb[:-EVh4Z5Mb00l6{h]]rb
                                                                                                                                                                              ]Kcc#L)%a`&J)|x$DqQ!ExB(,\E!K\0(w bL=Iu9YL}ih4Z524RNl2/_Nee%Da`m,x"$VeYtO}Z\-+e}s"(vOGj4-fS/fad\ztRd2?O
                                                                                                                                                                              6Ey %'IE-%Ou/jpReH5Ny 2'9yEl|Qj4_au^]]=fE,X]~P]<0$0EJYjtOu#HDythCn.5l%nKG5]GG:Zoa+Af;GeY'jhhg%bH$Rb&PT<l(?Faqv~)-vKa5V{4f||
                                                                                                                                                                              =|2[PNBI@qS/K^KG::fbWo^FFga|;Lt?e|;a /E^jFfq.i0@^~\B~[HR^t4c9F3zj4Z56@JeY1gTWWyiv)PK4lSPPBTeeLo5Y^St1D%dR{Be.N1ou'Il:dQ_hj4EQ`qarysb
                                                                                                                                                                              RT?)%!|x$L~a2h8cIU.-i)it5k?NW)0X@i0wtt]71lyw hh4"dVQQ1zy?:ReY|L|bbEb>JGX DeK"iFv?gK10n=MjI*`AtSN&AaiL&]`AO?]''m@,#_TBfV>`[{-{`?%f9Y,#qm5AKGeYB[WWy;w.UUUDCl aPB,RP*4v)'6+'cMz2(k5.ptt-rjttSN.OEPl{r_#gijj4lB8*^B]bU)F% )_LW1dv.BeO"XRLXmtMG75FFpmgS,XP8k,.]J&"d#8NZnI1!R/"^M"FTF&CG:%'mFB5shAFgR>3Yj%x.hhIp)+V{yT&,S=\wHGi!a"$Cj+%DV']v6mZVGk4Z5g}qxZ[4BBZB%IY@Lc:um'w`QAaXJ/Px02E<>JW~h]JImkN^In*vNGzjj4,l&Og}h4RPiX@cH[v [TRUNCATED]
                                                                                                                                                                              :SKVoZ-f2W
                                                                                                                                                                              =R.b$n[<LZT/~kK*+)70dgS~:XE:DZad$#R|RF#Z-R
                                                                                                                                                                              i!{HKEluZgqHGWY\IE1mhh-m0WK
                                                                                                                                                                              i\LT.mEyN{ZX~C42B6MG5sU"02EFbid4iGKii2fa.]t~nVFAvn_[A)T3,$v!NtkG3|e>,~2iSZbDs9y,t./ezn9jDQ\IG
                                                                                                                                                                              c%A2EhhP^}]0-44NcU VmEyn
                                                                                                                                                                              _"BD~?-zHKwii34(xio"H]_5_(mtdHGaS^V[s5whh6{-M4].m$i3-&;UKGEv#9QlKKGA:-Kt]sz959)"HE n]WAF%PWH@XvGCd.&fxF}Q?f~@K=+E.-V-mG1bEt~ %AL >i;wNKk&45l#]cAAF-f.[BDAo[CdXPrQ?+to=O V(W-)-EtLjiTJZWKkPZ_Um+$:eJFtB$P xNJkQUx&P='YOiZ[1iim$UKGHPcc;5+H;4CZ:j,Rr.SG=$m:&T.jh^=p\Ekr}~KpjPn6w]#Jeg=ac}UDd~"Z=-}iiY:\K1Emtjia4Z-=-M.-{&_oKSN
                                                                                                                                                                              StF<w!(IcY-4zB G
                                                                                                                                                                              F[T-'v!5 Ko9;
                                                                                                                                                                              7Pi_^.i\sNN.iiq(e!PNKk8
                                                                                                                                                                              r66%ANq5p0WF=FRz^%B!eG7TKrd*ZYY^i%la0~o)&BRqr%9v4HM\\#4hcG.iiLzG]
                                                                                                                                                                              ^cZ5-MU,!SE
                                                                                                                                                                              2024-10-30 16:52:41 UTC787OUTGET /wp-content/plugins/complianz-gdpr-premium/cookiebanner/js/complianz.min.js?ver=1720730544 HTTP/1.1
                                                                                                                                                                              Host: shieldapps.com
                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                              Accept: */*
                                                                                                                                                                              Sec-Fetch-Site: same-origin
                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                              Sec-Fetch-Dest: script
                                                                                                                                                                              Referer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                              2024-10-30 16:52:41 UTC8192INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:52:41 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Last-Modified: Thu, 11 Jul 2024 20:42:24 GMT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Content-Encoding: gzip
                                                                                                                                                                              host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                                                                                                                                                                              X-Endurance-Cache-Level: 0
                                                                                                                                                                              X-nginx-cache: WordPress
                                                                                                                                                                              Content-Length: 14825
                                                                                                                                                                              Content-Type: application/javascript
                                                                                                                                                                              w9,W}Xfv#vG<myvn]$a@5E&_>%JvH"3###U"NIdqe$*k"9+\:9h+
                                                                                                                                                                              +;m]`L28&9BEL$_mr
                                                                                                                                                                              G j(h<}I7[|UW-Siev<S" m"=xp<-^fB#
                                                                                                                                                                              "i]YOm"<-/7Z,!}*0GD]90% U1+$&-Oz$0>MPq\}^,~F,*F'HKW*agl_W1+9O %[A1k0QNna)bCS3;N(Lh21|
                                                                                                                                                                              z.&.1/T/*q&2yS&-x"0e2tl?07(lc(9>KGP(;73/AfqgNc\GG]5SohUwA691-&-cSi#<=
                                                                                                                                                                              B(dJ5d&XBZn4P|0b/omBFs"LdPT[Nt`<\2I-f`f3vOse'$>D<H'm"5\-bme
                                                                                                                                                                              h~I|<itVO6^QLF0se%3kq6~J/3G&cgNS'~VSmnA/g&c >Ok1+p^_Rt0tU$v3vP"fWG;0>t3Q_^)lMum~4Hh^8j" -EZHst.dNHkr2
                                                                                                                                                                              x>eX }PLSplST>??)sE\cvP>%jNRP;Ho]))9ii:=ps%aU[G+@Qc&1A#Fl{$lKU_a&-(aaz<'yqSOm!|l]#L5NpvWadStjF#&3*x2T<I-l:cRRH0&"Qc*,z-)b/%hKf#O'5?Nrr'6cln=x"cv&9o#jaNf]=*#3_V*x?)~2pN,\uL*p<9U)xP"9Q*'L@%~AKyh%]~al3xB^lg1~Xbx}Cxy_ykzwe`fPANxQNgjRu-4:eY8D9Ml'&a\Iozbt4g/J/tINT7O,]E:`|P(hHv+iY!AUD^o6W'1 f}81YPDx
                                                                                                                                                                              i6\FGxW2P*J'`xr{Vv78H$LS%$X^ '.j3e^kz'3;e&qD1TOD~dwf~GzB!O?[eb_9rPgxW-[}l#Nc;Xn[tB.'s%;p^(N]D_]npJaFg+;3- pyIQcb?qEd*n=x>|o5c/X<>VAuoYH[OAaEC-IGA:Zot133j#UxJ :5bVRS0iR{Gi0o/_$Ei5alefeT9zjVZpi+]Jo/RI+cbxCtW(/fzr+1%:E&Z=~(Mv,$%O7H0nIR8:ZCB%'<B`fp@.,`N.B*h>sZ|LDJ^\2t!<bl(n9e<zf&{FJ=~5p5`,%j`__
                                                                                                                                                                              ~C0-#%A%S<g?Hj.Pn5~.52T[UD,3I5Nn7;Y.xNI
                                                                                                                                                                              O@RZIia)pm+#QY}]8Wj Yzbcep#6%t=Mf=V0 l=/=A:>(k:l1~2T7_3R'HH96,2k$Hj<U2LdZYE"RrZd8"#s!O:Sb4Kv~}F\Rs=:Py.}RodRD[!!:?u0f{}VNP&YOk3;Ph+?-f:2_j3l&26NA)eI[RB{8|gg& %l'vwi&f2HQL>K:q,WSXf3DJc8HV/)4c"ij.\CSiCf`QyzN i+
                                                                                                                                                                              tk X9
                                                                                                                                                                              &SVEu+6K
                                                                                                                                                                              E7JM.dgp!dlhKc6^X7oh_H#([tDO9 &:
                                                                                                                                                                              .VIKh %ITx;1wM_.0*>i~3*SbVxd@VA)m%`B4IUp,Y@|VBR6*sHBKX'fQ`K{TfRtx\"Ds#BvV3Sap@metl;g./z{It^b%^~D
                                                                                                                                                                              <%jrS
                                                                                                                                                                              !f1>>8j;)HDF(<C~VcqE]``To}sFVe%(zh L_SF|3Ls}Q' A4u02mEKcX!
                                                                                                                                                                              w=;9S@5H,`N/h2MWBk?Y\pTc7\E\Dyt^
                                                                                                                                                                              Gp!Dn,c%`yk`0xM,y%Ldi
                                                                                                                                                                              e|4hu}mKl11re
                                                                                                                                                                              xa6Gt#mZH<pP*pN-o:KJk'}hPAc@0S.BjHucc$L^2t'xT4L(IA#KR\7.GWS<1yr.K =x!G{MxYECczK#'}X WDu[X>96>33|;3gU/c\eLb O(}M%{H${E3t1Fpo6PB%Kh2d=xYb|bRItJ:3y~^.1dh/.J=;#xMR"4s
                                                                                                                                                                              %=B|5dLfjL.MYpKyp2LoVD&;y[n6MwqF8'!V0+v<qvz1Rv&c@ctG
                                                                                                                                                                              0Oe,#l@Cn{O"q:?7+ln,3r~4jCrP\IaN<1O1)`H0nc^KN*~Ha!4M 1i!}o
                                                                                                                                                                              |GJ(q*1um!Zi^?Z0_DfU5h`HT
                                                                                                                                                                              @QsZ(_}Q>i%36ZHS<vAVF+4]3E'SVK|Bz|PTE=Ny.f,WF"OYI}R367Rw'.{<A7H[aS.s""3g!VsV~vw?8kAN$<=Q/+?bJ^d:~Xt5}3sIB1geK7G:c-}H0NV )f1d``BX{63]?/@1>(K\:l[ba|~)
                                                                                                                                                                              ]@Ve`:^D<V>f~jKL|+{jIasc1G'V?7Ld\MZF>36v$GB.AgnTVN}91P={O-
                                                                                                                                                                              {ps%nkBKgiHfw-~
                                                                                                                                                                              4Hew@1h1O)DBNc~h)yBymETo12-+?W]%$-`L=T|dqkELk'jSuajO3-i=JP,Mq=RfBk+W?X/5eZlfX^iEZ?.qjZoXTPNN,zM|Oon?
                                                                                                                                                                              PW+u#E$55kp&(Csprw\[Fu_2VsAaPxQP,c]Kb<2,zL<.xYKr^H].@A},,u~_
                                                                                                                                                                              3QK5E^U_Da%ar UznuUTT5Ht!/.rtV|V^:5*'{HxB5HC}|v_nSc%NCrl N|:olT3L5T"+Ye]/FGpX`8
                                                                                                                                                                              5U-U5}G1BSz(G/Zj}Z
                                                                                                                                                                              EP>jr4pvc%p:M8+
                                                                                                                                                                              WBbu;.Hkkl&Q}A+6AQZIOA1'aCD[j>(\iPAV h
                                                                                                                                                                              u2c&}SgL
                                                                                                                                                                              3$*kB
                                                                                                                                                                              Wn/okF=AxrKBLTa4?o#t[)Lh|Mtn$(",HIO^U{m S2;gzo#h0~Z(l+C|d|z~c8o?=@qApf-bDN[9DN#>kG\?e>_?^lMR%P@ZYn/1vVOCuize'z<7FZ_|*YfF${3`L)f\:H$6|5.p,YSRLqji%l'Qy$Mrif%B'5m@1k{<Ct81oo>pn1So0.c,;y{)PNj>]D2mXo#S37T%10j1wpa[jRy2L(|($i}]ALLLZBW|imBKJhJ[rPdBBI<<Z(
                                                                                                                                                                              3KVPRnHZ(_SkH)!cOP1`-a{aIQx4rRaJUEt\{%{^X^Pfb|'{T*L[)zd)=@[Q#gdE{#j"75 8(f}$qd/T4P)5qNb'3i3?['aPc!5vAkSfs`A-4)#u!T'MK8?AKab]p[m{9~H,GgKpMOwp0bj]2S#H@[p0]YGBheY33U)xlb{VLzM<*1o=>6#/@b>a8RQ[E'CQ`Ep,]-%P(}>,f<IKSJ/)1j>v8Vn:`a?A/s?|$v$UU3A.* N!mIcS'
                                                                                                                                                                              \#9.KvLdb
                                                                                                                                                                              |0g46R|clHFX]d{iT-u)QIF&z2<v)Yn7.c~1EZV~Jk\p1it%Znr;yjG:n$lQ9e8#&@x%uB`>&/oR&1W
                                                                                                                                                                              2024-10-30 16:52:41 UTC786OUTGET /wp-json/complianz/v1/banner?lang=en&locale=en_US&token=onhno HTTP/1.1
                                                                                                                                                                              Host: shieldapps.com
                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                              Content-type: application/json
                                                                                                                                                                              Accept: */*
                                                                                                                                                                              Sec-Fetch-Site: same-origin
                                                                                                                                                                              Sec-Fetch-Mode: cors
                                                                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                                                                              Referer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                              2024-10-30 16:52:41 UTC704INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:52:41 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              X-Robots-Tag: noindex
                                                                                                                                                                              Link: <https://shieldapps.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                              Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link
                                                                                                                                                                              Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
                                                                                                                                                                              Allow: GET
                                                                                                                                                                              Vary: Origin,Accept-Encoding
                                                                                                                                                                              Content-Encoding: gzip
                                                                                                                                                                              host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                                                                                                                                                                              X-Endurance-Cache-Level: 0
                                                                                                                                                                              X-nginx-cache: WordPress
                                                                                                                                                                              Content-Length: 107
                                                                                                                                                                              Content-Type: application/json; charset=UTF-8
                                                                                                                                                                              VJ+N+),HUR/(/-QQ*JMyeE!P$-(95/1)'5$X*-18UG))1//(@7Jg
                                                                                                                                                                              2024-10-30 16:52:41 UTC769OUTGET /wp-content/uploads/complianz/css/banner-1-optout.css?v=30 HTTP/1.1
                                                                                                                                                                              Host: shieldapps.com
                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                              Accept: text/css,*/*;q=0.1
                                                                                                                                                                              Sec-Fetch-Site: same-origin
                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                              Sec-Fetch-Dest: style
                                                                                                                                                                              Referer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                              2024-10-30 16:52:42 UTC4197INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:52:42 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Last-Modified: Mon, 15 Jul 2024 15:53:57 GMT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Content-Encoding: gzip
                                                                                                                                                                              host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                                                                                                                                                                              X-Endurance-Cache-Level: 0
                                                                                                                                                                              X-nginx-cache: WordPress
                                                                                                                                                                              Content-Length: 3867
                                                                                                                                                                              Content-Type: text/css
                                                                                                                                                                              Rko:+n4!.z{e?T)ioCNU:uP7oU^Ay[Q*aP)khV6IL
                                                                                                                                                                              cF{>ao%B&K>.:[5S=]IO5(c?O5K][!ut$DMaW
                                                                                                                                                                              Hh`^ y$j:?
                                                                                                                                                                              /jXPh%+0fe,9R1z~hz1:shr:I8uO<A%Y~g|x{Q'[0rE;QZx\@rG]K@{^O|rdK;)<#
                                                                                                                                                                              w><eRcg_?ZuZz){%lG^;M1N4Z'Fy5"vW
                                                                                                                                                                              w_dWV!!\Aw8+3j(TdH7GtqhBFHByk]P1=yMnt&mA%GF@Ri:7JlXRX*qf{MO|=_wXs7K<Iz2j5HlT`lLzsc*r<Y&U?W3:',*U8Ucv,p2eXLAAMiVhG+Qq=E=8Y;rje4aILVm,:!"7
                                                                                                                                                                              $+w~ arwsPy{[w-C)QSR^LCy!*o5:[OwFD]c#J}I5w.efPfaw/d
                                                                                                                                                                              22l=g{'_CD]nRHl0*xf6UBuPghqDpo;>t`FXk(N>U[gA'|]y_QSy?"cS&q#B-)WAA0jXzz;L(,5GBR4mMDGyPP48w
                                                                                                                                                                              4+x}u'_XW@Elbb?tya,ed7|cCR\ 9<la>L2qBy;'-2;beubcwyfwk
                                                                                                                                                                              IeV/+<r6ciPG~xM26VM2b!WD2D]6-Qxoj2g4K/Y\_fXw^d-MB$P;a}=;N<PB}[Gf*,7/g|YZ8LX-31}a.HDy^cjz;]bMtsi5Aj&7<NPXj`KFH!>{
                                                                                                                                                                              hhe6LCrilb.$l%d14Yt"Lr9LNnZ"hI~(U"urm4]W/39lZ( vA{?|:=FYP7]
                                                                                                                                                                              /vt)ZMK3Z?~5GiQR;/,9ZFyoS0N5:&q%z&KMnp@<\k+LVKofWeEr){>g+7 2%}/)xG#$xKp&xTJE-h`C_w%&&7)kpTDF#nO!vE=PBTCv1SjpN@nXnh5^Zv-PV)cME`|uC^+8GRv=
                                                                                                                                                                              -+$\#r[[,3VHl!".81H%u?|BV
                                                                                                                                                                              #`KCj8[D
                                                                                                                                                                              %r;iL2hXy5A3t[a(Rt<
                                                                                                                                                                              aX9{a^:.vb%px#4D(MX`2=.a9h6ect~h!aP$
                                                                                                                                                                              6Q*ayS+ck?7`a^y<^<:j)acD}]|hJ5s%Bux6`Cxgpp[8yS0a/-kc7miCveX]e;%b(r*I;.6/}X0S&_x8z E-(d_WB+y#?(f]o
                                                                                                                                                                              aX>{>Kg}MJ|3C}>3oFBLAIIPy++O5HlTS5J_%fL}w?@qQ.qJlt2y)-4~skqf{-N
                                                                                                                                                                              6\<8aQm^7V;Gedfhx%?*&#WWpy}6I?BGMEZtki6u)khm.w!#S&_- lL#rhicMt1`:zSb(}>41A_1'/i==eJsf1_hp< _ffCES;@~W1pq%#INM:cbMYC{XSL_$Y]bn3j*1gUlCf
                                                                                                                                                                              ?^:9ZO{#uk,+&oD*Z!4k?f^ELD(A)D,ib*e%p
                                                                                                                                                                              %@u[0(4lizIv>{[[P"hu]4o-l@:o~\Ahz|!MQ8=jzR![=
                                                                                                                                                                              DYxmG>z+lr{nMBHt[bLLMU."(YA5*ts4-w`85r(>P*`:OdJJqSHLEq.IC<(}Em>E~-6P5":Y(D~#?w42oaAQdvAuK-(iGS~gf\e?aRUT[z4p*#}}8KgCkn1;
                                                                                                                                                                              2024-10-30 16:52:44 UTC942OUTGET //favicon.png HTTP/1.1
                                                                                                                                                                              Host: shieldapps.com
                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                              Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                              Sec-Fetch-Site: same-origin
                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                              Sec-Fetch-Dest: image
                                                                                                                                                                              Referer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                              Cookie: _gcl_au=1.1.1439299319.1730307161; _gid=GA1.2.131272535.1730307161; _gat=1; _ga_V0DL3XBK82=GS1.1.1730307161.1.0.1730307161.60.0.0; _ga=GA1.1.1954789622.1730307161
                                                                                                                                                                              2024-10-30 16:52:45 UTC1996INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:52:45 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Last-Modified: Wed, 24 Feb 2021 00:27:45 GMT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              Content-Length: 1712
                                                                                                                                                                              host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                                                                                                                                                                              X-Endurance-Cache-Level: 0
                                                                                                                                                                              X-nginx-cache: WordPress
                                                                                                                                                                              Content-Type: image/png
                                                                                                                                                                              PNG
                                                                                                                                                                              IHDR szzpHYstIMEktEXtAuthorHtEXtDescription!#
                                                                                                                                                                              tEXtCopyright:tEXtCreation time5tEXtSoftware]p:tEXtDisclaimertEXtWarningtEXtSourcetEXtCommenttEXtTitle'{IDATXW[lTU];3iEcMCM?|$1IB$<B"mi>(GKKl?`t+{;CyhEpWK5lq]Ms/\g4Vk66'RPF.'/TB%dXf/>~j%iASJICsv}n:-fL&)hN/3*"D@*'T g)$-$-3XU 4;V]4&a$30,DgM?/on>W7^d0
                                                                                                                                                                              4Id0z-+
                                                                                                                                                                              Qmm5+FMsBmmCM(A2>=E^[x"pqg~Ku_\__]h/-;gE<K>yi$!#
                                                                                                                                                                              2${D!Abc*+k%"V.RmD`tnffNwnW3JFxb/\~BLB}_fO',{GdE<$D*@-`eXr(P>Nr.,aP~Q%_Y}
                                                                                                                                                                              `CE@6\,@`y[^{c::wjDt\DR)#G"yxC&#jent|HV:HZW63\."J|SdDP#S@3PC9d$.AN,&mDG}<I"J\
                                                                                                                                                                              \6At?A)HX4_3^&;P2-V7>\FeW{Nt>qL{$tZKz?C2:;9|KIukr/x=7p\zPY[r~q7"90.Vqg5vpf6L2Wz)iMZ|0.__%9R!CG6hV&K:rq*Cx7oR `l9t|Ynr`:2~@|tbR\PS>{cIVhf[%+#@LgUp kG5m$z_>=I?p-jIENDB`


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                              10192.168.2.449761151.101.194.1374433412C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:52:39 UTC542OUTGET /jquery-2.2.4.min.js?ver=2.2.4 HTTP/1.1
                                                                                                                                                                              Host: code.jquery.com
                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                              Accept: */*
                                                                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                              Sec-Fetch-Dest: script
                                                                                                                                                                              Referer: https://shieldapps.com/
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                              2024-10-30 16:52:39 UTC613INHTTP/1.1 200 OK
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Content-Length: 85578
                                                                                                                                                                              Server: nginx
                                                                                                                                                                              Content-Type: application/javascript; charset=utf-8
                                                                                                                                                                              Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT
                                                                                                                                                                              ETag: "28feccc0-14e4a"
                                                                                                                                                                              Cache-Control: public, max-age=31536000, stale-while-revalidate=604800
                                                                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                                                                              Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                              Via: 1.1 varnish, 1.1 varnish
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:52:39 GMT
                                                                                                                                                                              Age: 1300985
                                                                                                                                                                              X-Served-By: cache-lga21935-LGA, cache-dfw-kdfw8210025-DFW
                                                                                                                                                                              X-Cache: HIT, HIT
                                                                                                                                                                              X-Cache-Hits: 2240, 2
                                                                                                                                                                              X-Timer: S1730307159.384636,VS0,VE0
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              2024-10-30 16:52:39 UTC16384INData Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 32 2e 32 2e 34 20 7c 20 28 63 29 20 6a 51 75 65 72 79 20 46 6f 75 6e 64 61 74 69 6f 6e 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 61 2e 64 6f 63 75 6d 65 6e 74 3f 62 28 61 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 21 61 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 65 72 79 20 72 65 71 75 69 72 65 73 20 61 20 77 69 6e 64 6f 77 20 77 69 74 68 20 61 20 64 6f 63 75 6d 65 6e
                                                                                                                                                                              Data Ascii: /*! jQuery v2.2.4 | (c) jQuery Foundation | jquery.org/license */!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a documen
                                                                                                                                                                              2024-10-30 16:52:39 UTC16384INData Raw: 65 73 74 28 61 7c 7c 22 22 29 7c 7c 66 61 2e 65 72 72 6f 72 28 22 75 6e 73 75 70 70 6f 72 74 65 64 20 6c 61 6e 67 3a 20 22 2b 61 29 2c 61 3d 61 2e 72 65 70 6c 61 63 65 28 62 61 2c 63 61 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 2c 66 75 6e 63 74 69 6f 6e 28 62 29 7b 76 61 72 20 63 3b 64 6f 20 69 66 28 63 3d 70 3f 62 2e 6c 61 6e 67 3a 62 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 78 6d 6c 3a 6c 61 6e 67 22 29 7c 7c 62 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 6c 61 6e 67 22 29 29 72 65 74 75 72 6e 20 63 3d 63 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 2c 63 3d 3d 3d 61 7c 7c 30 3d 3d 3d 63 2e 69 6e 64 65 78 4f 66 28 61 2b 22 2d 22 29 3b 77 68 69 6c 65 28 28 62 3d 62 2e 70 61 72 65 6e 74 4e 6f 64 65 29 26 26 31 3d 3d 3d 62 2e 6e 6f 64 65 54 79 70 65
                                                                                                                                                                              Data Ascii: est(a||"")||fa.error("unsupported lang: "+a),a=a.replace(ba,ca).toLowerCase(),function(b){var c;do if(c=p?b.lang:b.getAttribute("xml:lang")||b.getAttribute("lang"))return c=c.toLowerCase(),c===a||0===c.indexOf(a+"-");while((b=b.parentNode)&&1===b.nodeType
                                                                                                                                                                              2024-10-30 16:52:39 UTC16384INData Raw: 68 69 73 2c 61 29 7d 29 3a 4b 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 62 29 7b 76 61 72 20 63 2c 64 3b 69 66 28 66 26 26 76 6f 69 64 20 30 3d 3d 3d 62 29 7b 69 66 28 63 3d 4f 2e 67 65 74 28 66 2c 61 29 7c 7c 4f 2e 67 65 74 28 66 2c 61 2e 72 65 70 6c 61 63 65 28 51 2c 22 2d 24 26 22 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 2c 76 6f 69 64 20 30 21 3d 3d 63 29 72 65 74 75 72 6e 20 63 3b 69 66 28 64 3d 6e 2e 63 61 6d 65 6c 43 61 73 65 28 61 29 2c 63 3d 4f 2e 67 65 74 28 66 2c 64 29 2c 76 6f 69 64 20 30 21 3d 3d 63 29 72 65 74 75 72 6e 20 63 3b 69 66 28 63 3d 52 28 66 2c 64 2c 76 6f 69 64 20 30 29 2c 76 6f 69 64 20 30 21 3d 3d 63 29 72 65 74 75 72 6e 20 63 7d 65 6c 73 65 20 64 3d 6e 2e 63 61 6d 65 6c 43 61 73 65 28 61 29 2c 74 68 69 73 2e 65 61 63
                                                                                                                                                                              Data Ascii: his,a)}):K(this,function(b){var c,d;if(f&&void 0===b){if(c=O.get(f,a)||O.get(f,a.replace(Q,"-$&").toLowerCase()),void 0!==c)return c;if(d=n.camelCase(a),c=O.get(f,d),void 0!==c)return c;if(c=R(f,d,void 0),void 0!==c)return c}else d=n.camelCase(a),this.eac
                                                                                                                                                                              2024-10-30 16:52:39 UTC16384INData Raw: 2e 73 74 79 6c 65 2e 62 61 63 6b 67 72 6f 75 6e 64 43 6c 69 70 2c 67 2e 73 74 79 6c 65 2e 63 73 73 54 65 78 74 3d 22 62 6f 72 64 65 72 3a 30 3b 77 69 64 74 68 3a 38 70 78 3b 68 65 69 67 68 74 3a 30 3b 74 6f 70 3a 30 3b 6c 65 66 74 3a 2d 39 39 39 39 70 78 3b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 22 2c 67 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 68 29 3b 66 75 6e 63 74 69 6f 6e 20 69 28 29 7b 68 2e 73 74 79 6c 65 2e 63 73 73 54 65 78 74 3d 22 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78
                                                                                                                                                                              Data Ascii: .style.backgroundClip,g.style.cssText="border:0;width:8px;height:0;top:0;left:-9999px;padding:0;margin-top:1px;position:absolute",g.appendChild(h);function i(){h.style.cssText="-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box
                                                                                                                                                                              2024-10-30 16:52:39 UTC16384INData Raw: 61 29 7b 62 3d 61 2e 6d 61 74 63 68 28 47 29 7c 7c 5b 5d 3b 77 68 69 6c 65 28 63 3d 74 68 69 73 5b 69 2b 2b 5d 29 69 66 28 65 3d 66 62 28 63 29 2c 64 3d 31 3d 3d 3d 63 2e 6e 6f 64 65 54 79 70 65 26 26 28 22 20 22 2b 65 2b 22 20 22 29 2e 72 65 70 6c 61 63 65 28 65 62 2c 22 20 22 29 29 7b 67 3d 30 3b 77 68 69 6c 65 28 66 3d 62 5b 67 2b 2b 5d 29 77 68 69 6c 65 28 64 2e 69 6e 64 65 78 4f 66 28 22 20 22 2b 66 2b 22 20 22 29 3e 2d 31 29 64 3d 64 2e 72 65 70 6c 61 63 65 28 22 20 22 2b 66 2b 22 20 22 2c 22 20 22 29 3b 68 3d 6e 2e 74 72 69 6d 28 64 29 2c 65 21 3d 3d 68 26 26 63 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 63 6c 61 73 73 22 2c 68 29 7d 7d 72 65 74 75 72 6e 20 74 68 69 73 7d 2c 74 6f 67 67 6c 65 43 6c 61 73 73 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62
                                                                                                                                                                              Data Ascii: a){b=a.match(G)||[];while(c=this[i++])if(e=fb(c),d=1===c.nodeType&&(" "+e+" ").replace(eb," ")){g=0;while(f=b[g++])while(d.indexOf(" "+f+" ")>-1)d=d.replace(" "+f+" "," ");h=n.trim(d),e!==h&&c.setAttribute("class",h)}}return this},toggleClass:function(a,b
                                                                                                                                                                              2024-10-30 16:52:39 UTC3658INData Raw: 2e 63 68 69 6c 64 4e 6f 64 65 73 29 29 7d 3b 76 61 72 20 4c 62 3d 6e 2e 66 6e 2e 6c 6f 61 64 3b 6e 2e 66 6e 2e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 22 73 74 72 69 6e 67 22 21 3d 74 79 70 65 6f 66 20 61 26 26 4c 62 29 72 65 74 75 72 6e 20 4c 62 2e 61 70 70 6c 79 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 29 3b 76 61 72 20 64 2c 65 2c 66 2c 67 3d 74 68 69 73 2c 68 3d 61 2e 69 6e 64 65 78 4f 66 28 22 20 22 29 3b 72 65 74 75 72 6e 20 68 3e 2d 31 26 26 28 64 3d 6e 2e 74 72 69 6d 28 61 2e 73 6c 69 63 65 28 68 29 29 2c 61 3d 61 2e 73 6c 69 63 65 28 30 2c 68 29 29 2c 6e 2e 69 73 46 75 6e 63 74 69 6f 6e 28 62 29 3f 28 63 3d 62 2c 62 3d 76 6f 69 64 20 30 29 3a 62 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 62 26 26
                                                                                                                                                                              Data Ascii: .childNodes))};var Lb=n.fn.load;n.fn.load=function(a,b,c){if("string"!=typeof a&&Lb)return Lb.apply(this,arguments);var d,e,f,g=this,h=a.indexOf(" ");return h>-1&&(d=n.trim(a.slice(h)),a=a.slice(0,h)),n.isFunction(b)?(c=b,b=void 0):b&&"object"==typeof b&&


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                              11192.168.2.44975550.87.253.1104433412C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:52:39 UTC766OUTGET /wp-content/plugins/formcraft3/dist/form.css?ver=3.8.24 HTTP/1.1
                                                                                                                                                                              Host: shieldapps.com
                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                              Accept: text/css,*/*;q=0.1
                                                                                                                                                                              Sec-Fetch-Site: same-origin
                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                              Sec-Fetch-Dest: style
                                                                                                                                                                              Referer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                              2024-10-30 16:52:39 UTC345INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:52:39 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Upgrade: h2,h2c
                                                                                                                                                                              Connection: Upgrade
                                                                                                                                                                              Last-Modified: Tue, 03 Nov 2020 18:33:29 GMT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              Content-Length: 64566
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                                                                                                                                                                              X-Endurance-Cache-Level: 0
                                                                                                                                                                              X-nginx-cache: WordPress
                                                                                                                                                                              Content-Type: text/css
                                                                                                                                                                              2024-10-30 16:52:39 UTC7847INData Raw: 40 2d 77 65 62 6b 69 74 2d 6b 65 79 66 72 61 6d 65 73 20 6c 6f 61 64 41 6e 69 6d 61 74 65 7b 30 25 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 30 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 30 29 7d 31 30 30 25 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 33 36 30 64 65 67 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 33 36 30 64 65 67 29 7d 7d 40 6b 65 79 66 72 61 6d 65 73 20 6c 6f 61 64 41 6e 69 6d 61 74 65 7b 30 25 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 30 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 30 29 7d 31 30 30 25 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 33 36 30 64 65
                                                                                                                                                                              Data Ascii: @-webkit-keyframes loadAnimate{0%{-webkit-transform:rotate(0);transform:rotate(0)}100%{-webkit-transform:rotate(360deg);transform:rotate(360deg)}}@keyframes loadAnimate{0%{-webkit-transform:rotate(0);transform:rotate(0)}100%{-webkit-transform:rotate(360de
                                                                                                                                                                              2024-10-30 16:52:39 UTC8000INData Raw: 6b 7d 68 74 6d 6c 20 2e 66 6f 72 6d 63 72 61 66 74 2d 63 73 73 20 2e 66 63 2d 73 74 69 63 6b 79 2e 66 63 2d 73 74 69 63 6b 79 2d 62 6f 74 74 6f 6d 2d 72 69 67 68 74 2e 73 68 6f 77 20 2e 66 6f 72 6d 2d 63 6f 76 65 72 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 73 74 69 63 6b 79 5f 73 68 6f 77 20 2e 35 35 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 30 2c 30 2c 30 2c 31 29 3b 61 6e 69 6d 61 74 69 6f 6e 3a 73 74 69 63 6b 79 5f 73 68 6f 77 20 2e 35 35 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 30 2c 30 2c 30 2c 31 29 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 68 74 6d 6c 20 2e 66 6f 72 6d 63 72 61 66 74 2d 63 73 73 20 2e 66 63 2d 73 74 69 63 6b 79 2e 66 63 2d 73 74 69 63 6b 79 2d 62 6f 74 74 6f 6d 2d 72 69 67 68 74 2e 68 69 64 69 6e 67 7b 6f
                                                                                                                                                                              Data Ascii: k}html .formcraft-css .fc-sticky.fc-sticky-bottom-right.show .form-cover{-webkit-animation:sticky_show .55s cubic-bezier(0,0,0,1);animation:sticky_show .55s cubic-bezier(0,0,0,1);display:block}html .formcraft-css .fc-sticky.fc-sticky-bottom-right.hiding{o
                                                                                                                                                                              2024-10-30 16:52:39 UTC8000INData Raw: 72 20 2e 66 6f 72 6d 2d 65 6c 65 6d 65 6e 74 20 2e 66 6f 72 6d 2d 65 6c 65 6d 65 6e 74 2d 68 74 6d 6c 20 2e 66 69 65 6c 64 2d 63 6f 76 65 72 3e 64 69 76 2c 68 74 6d 6c 20 2e 66 6f 72 6d 63 72 61 66 74 2d 63 73 73 20 2e 66 63 2d 66 6f 72 6d 2e 66 69 65 6c 64 2d 61 6c 69 67 6e 6d 65 6e 74 2d 63 65 6e 74 65 72 20 2e 66 6f 72 6d 2d 65 6c 65 6d 65 6e 74 20 2e 66 6f 72 6d 2d 65 6c 65 6d 65 6e 74 2d 68 74 6d 6c 20 2e 66 69 65 6c 64 2d 63 6f 76 65 72 3e 73 70 61 6e 7b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 30 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 68 74 6d 6c 20 2e 66 6f 72 6d 63 72 61 66 74 2d 63 73 73 20 2e 66 63 2d 66 6f 72 6d 2e 66 69 65 6c 64 2d 61 6c 69 67 6e 6d 65 6e 74 2d 63 65 6e 74 65 72 2e 6c 61 62 65 6c 2d 66 6c 6f 61 74 69 6e 67 20 2e
                                                                                                                                                                              Data Ascii: r .form-element .form-element-html .field-cover>div,html .formcraft-css .fc-form.field-alignment-center .form-element .form-element-html .field-cover>span{padding-top:0;text-align:center}html .formcraft-css .fc-form.field-alignment-center.label-floating .
                                                                                                                                                                              2024-10-30 16:52:39 UTC8000INData Raw: 6e 74 2d 68 74 6d 6c 20 2e 74 69 6d 65 70 69 63 6b 65 72 2d 63 6f 76 65 72 20 2e 74 69 6d 65 2d 66 69 65 6c 64 73 2d 63 6f 76 65 72 20 73 65 6c 65 63 74 7b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 33 70 78 3b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 33 70 78 7d 68 74 6d 6c 20 2e 66 6f 72 6d 63 72 61 66 74 2d 63 73 73 20 2e 66 63 2d 66 6f 72 6d 2e 6c 61 62 65 6c 2d 66 6c 6f 61 74 69 6e 67 20 2e 66 6f 72 6d 2d 65 6c 65 6d 65 6e 74 2e 65 72 72 6f 72 2d 66 69 65 6c 64 20 2e 66 6f 72 6d 2d 65 6c 65 6d 65 6e 74 2d 68 74 6d 6c 20 69 6e 70 75 74 5b 74 79 70 65 3d 65 6d 61 69 6c 5d 2c 68 74 6d 6c 20 2e 66 6f 72 6d 63 72 61 66 74 2d 63 73 73 20 2e 66 63 2d 66 6f 72 6d 2e 6c 61 62 65 6c 2d 66 6c 6f 61 74 69 6e 67 20 2e 66 6f 72 6d 2d 65 6c 65 6d 65 6e 74 2e 65 72 72
                                                                                                                                                                              Data Ascii: nt-html .timepicker-cover .time-fields-cover select{padding-top:3px;padding-bottom:3px}html .formcraft-css .fc-form.label-floating .form-element.error-field .form-element-html input[type=email],html .formcraft-css .fc-form.label-floating .form-element.err
                                                                                                                                                                              2024-10-30 16:52:39 UTC8000INData Raw: 6f 72 6d 63 72 61 66 74 2d 63 73 73 20 2e 66 63 2d 66 6f 72 6d 20 2e 66 69 65 6c 64 2d 63 6f 76 65 72 20 2e 73 75 62 2d 6c 61 62 65 6c 2d 66 61 6c 73 65 7b 74 6f 70 3a 2e 37 65 6d 7d 68 74 6d 6c 20 2e 66 6f 72 6d 63 72 61 66 74 2d 63 73 73 20 2e 66 63 2d 66 6f 72 6d 20 2e 66 69 65 6c 64 2d 63 6f 76 65 72 20 2e 73 75 62 2d 6c 61 62 65 6c 2d 66 61 6c 73 65 20 73 70 61 6e 2e 73 75 62 2d 6c 61 62 65 6c 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 68 74 6d 6c 20 2e 66 6f 72 6d 63 72 61 66 74 2d 63 73 73 20 2e 66 63 2d 66 6f 72 6d 20 2e 66 69 65 6c 64 2d 63 6f 76 65 72 3e 64 69 76 7b 77 69 64 74 68 3a 37 30 25 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 6c 65 66 74 7d 68 74 6d 6c 20 2e 66 6f 72 6d 63 72 61 66
                                                                                                                                                                              Data Ascii: ormcraft-css .fc-form .field-cover .sub-label-false{top:.7em}html .formcraft-css .fc-form .field-cover .sub-label-false span.sub-label{display:none}html .formcraft-css .fc-form .field-cover>div{width:70%;display:inline-block;text-align:left}html .formcraf
                                                                                                                                                                              2024-10-30 16:52:39 UTC8000INData Raw: 77 69 64 74 68 3a 31 2e 31 65 6d 3b 63 6f 6c 6f 72 3a 69 6e 68 65 72 69 74 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 7d 68 74 6d 6c 20 2e 66 6f 72 6d 63 72 61 66 74 2d 63 73 73 20 2e 66 63 2d 66 6f 72 6d 20 2e 66 6f 72 6d 2d 65 6c 65 6d 65 6e 74 20 2e 66 69 65 6c 64 2d 63 6f 76 65 72 20 2e 66 6f 72 6d 63 72 61 66 74 2d 69 63 6f 6e 2e 69 63 6f 6e 2d 74 79 70 65 2d 6e 6f 2d 69 63 6f 6e 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 68 74 6d 6c 20 2e 66 6f 72 6d 63 72 61 66 74 2d 63 73 73 20 2e 66 63 2d 66 6f 72 6d 20 2e 66 6f 72 6d 2d 65 6c 65 6d 65 6e 74 20 2e 64 61 74 65 70 69 63 6b 65 72 2d 63 6f 76 65 72 20 69 6e 70 75 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 6e 6f 2d 72 65 70 65 61 74 3b 62 61
                                                                                                                                                                              Data Ascii: width:1.1em;color:inherit;background-color:transparent}html .formcraft-css .fc-form .form-element .field-cover .formcraft-icon.icon-type-no-icon{display:none}html .formcraft-css .fc-form .form-element .datepicker-cover input{background-repeat:no-repeat;ba
                                                                                                                                                                              2024-10-30 16:52:39 UTC8000INData Raw: 75 74 74 6f 6e 2d 66 69 6c 65 20 3a 3a 2d 77 65 62 6b 69 74 2d 66 69 6c 65 2d 75 70 6c 6f 61 64 2d 62 75 74 74 6f 6e 7b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 7d 68 74 6d 6c 20 2e 66 6f 72 6d 63 72 61 66 74 2d 63 73 73 20 2e 66 63 2d 66 6f 72 6d 20 2e 66 6f 72 6d 2d 65 6c 65 6d 65 6e 74 20 2e 66 69 6c 65 75 70 6c 6f 61 64 2d 63 6f 76 65 72 2e 66 69 65 6c 64 2d 63 6f 76 65 72 20 2e 62 75 74 74 6f 6e 2d 66 69 6c 65 3a 68 6f 76 65 72 7b 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 30 20 31 30 30 70 78 20 72 67 62 61 28 35 30 2c 35 30 2c 35 30 2c 2e 30 38 29 20 69 6e 73 65 74 7d 68 74 6d 6c 20 2e 66 6f 72 6d 63 72 61 66 74 2d 63 73 73 20 2e 66 63 2d 66 6f 72 6d 20 2e 66 6f 72 6d 2d 65 6c 65 6d 65 6e 74 20 2e 66 69 6c 65 75 70 6c 6f 61 64 2d 63 6f 76 65 72 2e 66
                                                                                                                                                                              Data Ascii: utton-file ::-webkit-file-upload-button{cursor:pointer}html .formcraft-css .fc-form .form-element .fileupload-cover.field-cover .button-file:hover{box-shadow:0 0 100px rgba(50,50,50,.08) inset}html .formcraft-css .fc-form .form-element .fileupload-cover.f
                                                                                                                                                                              2024-10-30 16:52:39 UTC8000INData Raw: 62 2d 6c 61 62 65 6c 2d 63 6f 76 65 72 20 2e 74 68 75 6d 62 73 2d 75 70 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 2e 35 65 6d 7d 68 74 6d 6c 20 2e 66 6f 72 6d 63 72 61 66 74 2d 63 73 73 20 2e 66 63 2d 66 6f 72 6d 20 2e 66 6f 72 6d 2d 65 6c 65 6d 65 6e 74 20 2e 74 68 75 6d 62 2d 63 6f 76 65 72 20 2e 74 68 75 6d 62 2d 6c 61 62 65 6c 2d 63 6f 76 65 72 20 6c 61 62 65 6c 20 69 6e 70 75 74 5b 74 79 70 65 3d 72 61 64 69 6f 5d 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6c 65 66 74 3a 2d 39 39 39 65 6d 7d 68 74 6d 6c 20 2e 66 6f 72 6d 63 72 61 66 74 2d 63 73 73 20 2e 66 63 2d 66 6f 72 6d 20 2e 66 6f 72 6d 2d 65 6c 65 6d 65 6e 74 20 2e 74 68 75 6d 62 2d 63 6f 76 65 72 20 2e 74 68 75 6d 62 2d 6c 61 62 65 6c 2d 63 6f 76 65 72 20 6c 61 62 65 6c 7b 74 72 61 6e
                                                                                                                                                                              Data Ascii: b-label-cover .thumbs-up{font-size:3.5em}html .formcraft-css .fc-form .form-element .thumb-cover .thumb-label-cover label input[type=radio]{position:absolute;left:-999em}html .formcraft-css .fc-form .form-element .thumb-cover .thumb-label-cover label{tran
                                                                                                                                                                              2024-10-30 16:52:39 UTC719INData Raw: 66 6f 72 6d 63 72 61 66 74 2d 63 73 73 2e 69 6d 61 67 65 5f 62 75 74 74 6f 6e 5f 63 6f 76 65 72 2e 70 6c 61 63 65 6d 65 6e 74 2d 62 6f 74 74 6f 6d 2d 72 69 67 68 74 20 61 7b 72 69 67 68 74 3a 33 25 7d 68 74 6d 6c 20 62 6f 64 79 20 2e 66 6f 72 6d 63 72 61 66 74 2d 63 73 73 20 2e 66 63 2d 66 6f 72 6d 20 2e 66 6f 72 6d 2d 65 6c 65 6d 65 6e 74 20 2e 74 69 6d 65 70 69 63 6b 65 72 2d 63 6f 76 65 72 20 2e 74 69 6d 65 2d 66 69 65 6c 64 73 2d 63 6f 76 65 72 20 69 6e 70 75 74 2e 6d 65 72 69 64 69 61 6e 2d 70 69 63 6b 65 72 2c 68 74 6d 6c 20 62 6f 64 79 20 2e 66 6f 72 6d 63 72 61 66 74 2d 63 73 73 20 2e 66 63 2d 66 6f 72 6d 20 2e 66 6f 72 6d 2d 65 6c 65 6d 65 6e 74 20 2e 74 69 6d 65 70 69 63 6b 65 72 2d 63 6f 76 65 72 20 2e 74 69 6d 65 2d 66 69 65 6c 64 73 2d 63 6f
                                                                                                                                                                              Data Ascii: formcraft-css.image_button_cover.placement-bottom-right a{right:3%}html body .formcraft-css .fc-form .form-element .timepicker-cover .time-fields-cover input.meridian-picker,html body .formcraft-css .fc-form .form-element .timepicker-cover .time-fields-co
                                                                                                                                                                              2024-10-30 16:52:40 UTC758OUTGET /wp-content/themes/shield-apps2/js/bootstrap.min.js?ver=6.6.2 HTTP/1.1
                                                                                                                                                                              Host: shieldapps.com
                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                              Accept: */*
                                                                                                                                                                              Sec-Fetch-Site: same-origin
                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                              Sec-Fetch-Dest: script
                                                                                                                                                                              Referer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                              2024-10-30 16:52:40 UTC2636INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:52:40 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Last-Modified: Thu, 15 Aug 2019 07:49:20 GMT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Content-Encoding: gzip
                                                                                                                                                                              host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                                                                                                                                                                              X-Endurance-Cache-Level: 0
                                                                                                                                                                              X-nginx-cache: WordPress
                                                                                                                                                                              Content-Length: 2292
                                                                                                                                                                              Content-Type: application/javascript
                                                                                                                                                                              Rks6_As,F*wd^o"D8W>$RQ:g,>=3x\E~Hj<,OWfh"htE=XU
                                                                                                                                                                              A:p3A]@U>/gofn1f6XJPo^]~wF>lP3h\"9t*7K\L|3YoF2B%\-"'8(IE]NV9s!+0#5ZcI_S,Z*WFO7q 6x6\_C5wByG1/ H0$!$.d};nC?K9ZuH7|`Y<|.";>mXdG7A-<I<^xx*A"rfOOGoeR^t0*nO<PJUb".3];BTiv-$q|%P>.~w`n*M>=J7^Gf0nz*;gE$,:VGE:w'DkF9=<Y12yO]W|xME;!IHl7e;/2NOYBt&7E|/=;})!7M{p*"F`j|6d^Md+`n^~jr\@YKtOs<*&kY,<3,/%+n[$)M$$[sL~ppu{ay3JaO%N4<F}x"ou!ND4:(tR5^K)QAtYL8,'P8_G]:Gtnm9'a;_#fQOU+Gz6!;_Wf(`9*H=n [TRUNCATED]
                                                                                                                                                                              ?8MRkd[F
                                                                                                                                                                              !Jl%Zcai{\+B1t6DKZz*Xxn>J4sK#}3Gi{bdIqeGC\IT7bE=PL/{JCr3;?FgnxL7'-0s$S'@^G7Adj3K)!Q2(M}_~z2|P:&j}CiWCk1-Zv4a^X_-SPG9m0;/TE,efPpjE7%8^1nm&0[%FVLRqwO>cDkOD&`2#zd*k{I"Zx.
                                                                                                                                                                              b$i0{vsYP<'IpLQ8EmN{x.W*f]&y#uu&q4LszF6ZH}A#Z)P/ZYxjAzMb_l~{Vj8~8\k[!dtsZIdn,$Bkhx&s?p_Zqx&ul|9,{lOwyZ4Iwn=hSHT#~`JO6:"T"Ip(
                                                                                                                                                                              R%~?EeP"HUYV.S\%\VcgX^q}]!p
                                                                                                                                                                              2024-10-30 16:52:40 UTC674OUTGET /wp-content/themes/shield-apps2/images/about-bkg.jpg HTTP/1.1
                                                                                                                                                                              Host: shieldapps.com
                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                              Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                              Sec-Fetch-Site: same-origin
                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                              Sec-Fetch-Dest: image
                                                                                                                                                                              Referer: https://shieldapps.com/wp-content/themes/shield-apps2/style.css?ver=1.0.1
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                              2024-10-30 16:52:40 UTC8192INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:52:40 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Last-Modified: Thu, 15 Aug 2019 07:49:20 GMT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              Content-Length: 40245
                                                                                                                                                                              host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                                                                                                                                                                              X-Endurance-Cache-Level: 0
                                                                                                                                                                              X-nginx-cache: WordPress
                                                                                                                                                                              Content-Type: image/jpeg
                                                                                                                                                                              ExifII*DuckyP+http://ns.adobe.com/xap/1.0/<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:E3DFCB3EEB6711E5927081C5EB39C277" xmpMM:DocumentID="xmp.did:E3DFCB3FEB6711E5927081C5EB39C277"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:E3DFCB3CEB6711E5927081C5EB39C277" stRef:documentID="xmp.did:E3DFCB3DEB6711E5927081C5EB39C277"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>Adobed
                                                                                                                                                                              1!AQa2"qBRbr#3CS$1!QAaq2R?3jK/@zFKN_{A.(bV%A43jK$8Pf){qA0S_b>|^Q5[eHum."4QK"jy(PTE'=/t/d:
                                                                                                                                                                              @1wLuV03OQOon4j|`H~M>hf*_S@YE>H&f.{~IO=x[;jL,Oc9'1Z\uhk;,Tt/u7!&+KV~H5
                                                                                                                                                                              B"3u5 !Ci{(jaC qnkH.RNQKSu5 !'z^">D:k<=A)RAtM~JA;SjaM]!CKS=?$TBSO
                                                                                                                                                                              ){ _m^.\PbP1O!4%9SU"TW4Q/d\@!e%uDX)RHu4E(&6}tDL]$*z5A8T[\E$De/u/dU!WTB;QUCWWh/tEAKmL]ABDj{A%l,tJ/AmLguv<]TNcKGawW,tM(&CH%Q+NGc|}VQ>F[\4sW.@omm2m3:4sWtfw[O4.p]o/Q)a6Mx9~J_uD
                                                                                                                                                                              q<Q`ris\jj.#AcT>#lz[K9=<QvbtKj.DXDMWtm2OOV6_QoMz~sk=^d* RNJ.=}]51~&.]Ub{DNmiUUDXJ{A;R5wWUDXRjbQ1wCFrz^'j^UML\U]!WUDX{]{qUU4
                                                                                                                                                                              "
                                                                                                                                                                              ]{@BuWDdM$@?GK*>jD4 Q[O|rP}j&7RdD`l T@~Af6Rz ?oJ@a!jO5QML+>H(*#"?jJ7A||_[yH/[ j
                                                                                                                                                                              i]M~PYu$\6Eyh>9,uh.[F\uiHkBu"=Z$iEe6CEl^n|_$II/.ktWOH W$]dq@~I{y+ |hi
                                                                                                                                                                              Ph/7EAGQluD8 j<<hE&e!P'6PYy=5TMTC)9 <Xi^nC|~kl^nA~5zy-@E4`eAREi7P4`dtL\Rd7P H7RBua[COA<4fi\9LnxGT@7@ m~jWm=,GQTqd/p@><Tk<WwUzySd17+ZAT>2x;gc-M5^o |eTiGJ+l_70if;#zC|eu?GH4AsejoDPh_?PtFMo}SoN|e^!Q6_O 1?W#zA~9xjFg_T}sg_woN7~IIqmZUO;A jHnC{y~h"tVA|rHYMA&J+Ehl|_${y+ A/_$)9(R, ,^n;w
                                                                                                                                                                              ly;|r@6iF7}B)ppj-QS~(V{pH1p$UR,M[ sV0o~(1(ah.f i,iA05"k8*zh,A[[wUn&z#5vPh'S[
                                                                                                                                                                              ha!0eg?4$@}VEsDA
                                                                                                                                                                              'S5otg]T0j_B
                                                                                                                                                                              4SDNjg
                                                                                                                                                                              :a4M-5~huGFG!Cs7&ciEtW?sqZLkU]wUWmFk3wHs"W3lBFk$mss)g@ST[sTT`E~hk@u|^'sD]1Q[5!HC+{U5CM!_3AuRUh.jU5]T5hieT84OC+Ek{!WT'1t"4)[BCcCVPS_TW]TOnh.Q_hzZinjAtY b4)DUv
                                                                                                                                                                              YjnhP`n!PT0EA&j44c
                                                                                                                                                                              QBL?$aRC0LtGadO4RVeB4onV(:_o?DtvEts<Q7]tv7ukE.2N>)uw{lVN.f{_:D]3cFVZjEk[v~(768P\ #@luk~(.Vb*\0ADltqP<B55i"
                                                                                                                                                                              zV"h;
                                                                                                                                                                              YIwlph.3(t^wZm~J[vrzA<G@ph.3,tEWvG_q_?{s{go>.Fcq[,n\hD'V(6k1ss<QS=od;KTitE=on.A9v5o~(&z]T1psMX Y{A3*..4fUL k.
                                                                                                                                                                              +{Dk{pBTOVh"VCEWbsb
                                                                                                                                                                              35psELXa"(51pl5LXa zBC.kWYm{3Yb
                                                                                                                                                                              @R%Etd-g(.b5qHX CWg9EjXazK
                                                                                                                                                                              z~xTW39P,J3kH&\ 'Jb
                                                                                                                                                                              mqVXqYH OaX3ET5ApjADPQS@MD\e19P\ADR
                                                                                                                                                                              &,0
                                                                                                                                                                              br5pg(o$Q*%8Ev{ v0zG\j?[UqWl5c9rS9R5\3W
                                                                                                                                                                              5E-jXaFTIn*EYV@"MrZ\eHjTN9QTTqaL!|( Of)QH#X5pj*cAMD\eE>h5p 51ag1B$BPEV."()\H(hj?A^')EDa4?!S|=@k^,0D\e f>j
                                                                                                                                                                              | ~h( .25p,0
                                                                                                                                                                              NP4fjA
                                                                                                                                                                              L1adEPkrCNRg(*b
                                                                                                                                                                              j"(W
                                                                                                                                                                              M5NrQE`(R!A
                                                                                                                                                                              LAOE.9D\ E$9Am",0{^.2m|jSs 1 9p)V~xB7[g)N7iz[_jHtg%t1sU7]R(h9s&4D|}=z`Vk8AsQLMD\e@`HOQsY+LqF~ hZR#zXPP1akkEQ+Ms35qkG@!qFwMp`#@m"1a[qJiV6?JUI1sa:n>OM
                                                                                                                                                                              hZoAHnYDML\}XA:4SoWG/Vzw;ZQzE
                                                                                                                                                                              Ys7ZbJ
                                                                                                                                                                              _5ypXr .25 QTSQA*35pPQSAMD\eP*35p5PS@EUNpFE1&TSBzf\!&sjA3EP&95ps
                                                                                                                                                                              b/HDR"X"h."/ WRs)2<YXTFO$
                                                                                                                                                                              )HPfzaXVf2A8H62LRa"VYkCK\
                                                                                                                                                                              hd7E+ &,rAs4AYPegBKqDGn*P{By &,r!pK*LAy4j+@RogAMX .p'
                                                                                                                                                                              ()
                                                                                                                                                                              hb(j"JB7
                                                                                                                                                                              MXX(((Aqz Rgcw i';C?zsfov;jc}:|k=yZgIr3kozq=w,\Nlr Z
                                                                                                                                                                              kU~hs_e?+$5\E4
                                                                                                                                                                              y &,r"pz=H \"pS?$
                                                                                                                                                                              ("((4MSC9AE\8RC5
                                                                                                                                                                              SK[b'./\g.p \@y!a1c*4"4)48R-MXU("
                                                                                                                                                                              NO!T;P. >H(!Y$PQA8AAI|Jfp,r.pbB+341cEsN^A^qF@sXE\heB;(/3HPEK4N2@wQj,rsFqLhi-hiya
                                                                                                                                                                              XQ+`1a8A(%kNQl!@"9DIs+9?NQ@m\;iBnfmczk4oh?Q|Nuuk?YYl_$B1]0XEmq1(\4El9`b( 7MN2[GS?hl*441crDmM+@zBnb(18H:9Ht6spZZ,E\X'0[wPc"SX9MonS=~+zF}8hi,~,)H?o;z{o]_o7 HOg:E9fEik(Bb
                                                                                                                                                                              2024-10-30 16:52:40 UTC8000INData Raw: d9 41 a0 04 bd 72 ac 46 80 76 79 c6 14 46 c3 9a 5a c7 2a 8e 7a fb a3 4b e9 d3 5c 9c 28 b8 f3 9c c9 c6 55 8d 62 a4 bd 72 a8 85 64 57 18 52 2d 53 43 16 39 50 51 41 17 38 54 31 02 b8 ca a2 a4 bd 72 81 05 e4 57 18 51 37 e1 3b d0 c5 8e 51 0b b5 04 5c e1 15 1a 44 e3 28 2e 2f 5c a0 85 64 57 18 41 4d 0c 58 e5 03 c0 45 ce 15 42 43 44 e3 28 54 c1 9d eb 94 29 97 79 c6 11 19 9a 18 b1 ca ad 28 a0 8b 9c 20 8d 22 71 94 46 83 33 bd 72 81 15 99 c6 11 04 d0 c5 8e 50 51 41 17 38 41 10 d1 38 ca 2e 69 a3 3b d7 2a a2 15 99 c6 10 53 43 16 39 41 45 04 5c e1 04 69 13 8c a0 43 33 df 28 0e a9 0c 70 82 9a 18 b1 ca 0f 54 30 33 6e 2b ef a3 2c 34 cc 5c a2 74 1d 2d ea be 10 66 9a 83 da c5 11 1f 55 2f 7e 0a 01 db d3 7b 71 41 9e 9a 98 ce 11 3a 98 be ee 4a 41 92 37 00 45 05 8e 52 00 d5 c5
                                                                                                                                                                              Data Ascii: ArFvyFZ*zK\(UbrdWR-SC9PQA8T1rWQ7;Q\D(./\dWAMXEBCD(T)y( "qF3rPQA8A8.i;*SC9AE\iC3(pT03n+,4\t-fU/~{qA:JA7ER
                                                                                                                                                                              2024-10-30 16:52:40 UTC818OUTGET /wp-content/uploads/2015/06/box-identity-theft-preventer1.png HTTP/1.1
                                                                                                                                                                              Host: shieldapps.com
                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                              Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                              Sec-Fetch-Site: same-origin
                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                              Sec-Fetch-Dest: image
                                                                                                                                                                              Referer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                              2024-10-30 16:52:41 UTC8192INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:52:41 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Last-Modified: Tue, 23 Feb 2021 06:37:44 GMT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              Content-Length: 204709
                                                                                                                                                                              host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                                                                                                                                                                              X-Endurance-Cache-Level: 0
                                                                                                                                                                              X-nginx-cache: WordPress
                                                                                                                                                                              Content-Type: image/png
                                                                                                                                                                              PNG
                                                                                                                                                                              IHDR|jh|pHYs.#.#x?v
                                                                                                                                                                              OiCCPPhotoshop ICC profilexSgTS=BKKoR RB&*!J!QEEQ,
                                                                                                                                                                              !{k>H3Q5B.@
                                                                                                                                                                              $pd!s#~<<+"xM0B\t8K@zB@F&S`cbP-`'{[! eDh;VEX0fK9-0IWfH0Q){`##xFW<+*x<$9E[-qWW.(I+6aa@.y24x6_-"bbp@t~,/;m%h^uf@Wp~<<EJB[aW}g_Wl~<$2]GLbG"IbX*QqD2"B)%d,>5j>{-]cK'Xto(hw?G%fIq^D$.T?D*A,`6B$BB
                                                                                                                                                                              dr`)B(*`/@4Qhp.U=pa(Aa!bX#!H$ Q"K5H1RT UH=r9\F;2G1Q=C7Fdt1r=6h>C03l0.B8,c"VcwE6wB aAHXLXNH $47Q'"K&b21XH,#/{C7$C2'ITFnR#,4H#dk9, +3![
                                                                                                                                                                              b@qS(RjJ4e2AURT5ZBRQ4u9IKhhitNWGwg(gwLT071oUX**|
                                                                                                                                                                              J&*/TUUT^S}FU3SUPSSg;goT?~YYLOCQ_ cx,!ku5&|v*=9C3J3WRf?qtN(~))4L1e\kXHQG6EYAJ'\'GgSS
                                                                                                                                                                              M=:.kDwn^Loy}/TmGX$<5qo</QC]@Caa<FFi\$mm&&!&KMMRM);L;L5=12`ZxZ,eIZYnZ9YXUZ]F%NNgm}agbg}}=Z~sr:V:?}/gX3)iSGggsK.>.Jtq]z6i4)Y3sCQ?0k~OCOg#/c/Wwa>>r><72Y_7Oo_C#dz%gA[z|!?:eAAA!h!iP~aa~'W?pX15wCsDDDg1O9-J5*>.j<74?.fYXXIlK9.*6nl{/]py.,:@LN8A*%w%
                                                                                                                                                                              yg"/6C\*NH*Mz5y$3,'LL:v m2=:1qB!Mggfven/kY-
                                                                                                                                                                              BTZ(*geWf9+7KW-Xj9<qy
                                                                                                                                                                              +V<*mOW~&zMk^kU
                                                                                                                                                                              }]OX/Ya>(xodff-[nVE/(C<e;?TTTT6an{4[>UUMfeI?m]Nmq#=TR+Gw-6U#pDy:v{vg/jBFS[b[O>zG4<YyJTig}~.`{cjotE;;\tWW:_mt<O\kz{f7y9=zo~r'w'O_@AC?[jwGC8>99?rCd&/~m|x31^VwwO| (hSc3- cHRMz%u0`:o_FIDATxup{U=#fYh90;A77m$CmY<05C4F;5P]uwJ)4Fh4gR?Fh4Z5Fh4Z5Fh4Z5Fh4Z5Fh4Z5Fh4Z5Fh4Z5Fh4Z5Fh4Z5Fh4Z5Fh4Z5Fh4Z5Fh4Z5Fh4Z5Fh4'S?cppBR!Dhklm;avq0MSX4T432gC[m @-mHk4-4*)L0f]y^k>ofL&JHR)R\R@Dhx<s\ [TRUNCATED]
                                                                                                                                                                              &P(r8eYD*OTB.JM|9
                                                                                                                                                                              HGe!l=eI0GF"hji#XV$^^fJ%A1fcb1**TVT$F P(RLly|9EP?X:zD(5FF9c/(\j(/j^(x0F,,"RYYEUUDP)u:`RL=v60X:z?8IQ>UFF90xiTz```NGGgS,Rbi<A*+*h4"*G*G^X@cr(<a
                                                                                                                                                                              ?z[,~6j4-d_iWI)_W(nkwl6R
                                                                                                                                                                              00@ 0*~b&X*kj$!%JoNT/PtEtH*:Whh4"Q00bsNzzz(@ P??PeYUUUPSSK@0Ry_[?qk)<qJh:,CeycEo'j4g0Lqm[l_0?qR
                                                                                                                                                                              ZbCyR(G;#B|pf+G}`,|,DFs#aYk7]ce:::fH)1M`0*s]DQp$4,\O|e8TJ1`!3dmc.tt
                                                                                                                                                                              FEP7:0sgbMd2y(0MD<NMmo5*
                                                                                                                                                                              u=P%#}:H
                                                                                                                                                                              GPI%\T3]Feq`,=~h5- \nY3kl^\4=!Q:UWH3DrGucNV.--!|96c,cIHq,zFEP<_a0IWoa{!R.
                                                                                                                                                                              Tu5'0LK\
                                                                                                                                                                              %jKw@;pCsF)]/K&:)/{wg#IdFF9)4y]]]37nMZ5ZQS],=F&>\oRy|f"K500K5p/J:Y^^FFs6`b4^ekyF"Fjj pr0$nc~DQ5vq*R*b
                                                                                                                                                                              :,E16pWF",Bw\qF6l@OOD00$Q[[K}C!
                                                                                                                                                                              ?w4{"~mb~"\jj@}lm<GF-_z\O!-SnNc5ky3d<WQHEu@<JhIojN/5letey[hj4&KKlRj*v9Bqjjo+Bb;~Mc^8j4a~meAIG*o-f<|,ag}6&SWWOm]u$*+!@y.3eN;N1 `JOcLh(_`tuCtt?WGk41cppPb,7m)OaTVVQ[@m]U?V|MH)2lm0uBR/T#S^*#QhO?dg/'jAbeYX,aO=EWwxf_jh5ob<Yw1!!`Jl/+7B9'0ITY44UQPPP-IK
                                                                                                                                                                              ?8ro<~0]Lu(b7cQ,~$ROw"8itjX95L]~]O>\xTVVA7wPB)S`H'Y`sGgv-M[j4%y/mClo#$4EMj"QDuM_*CTLbAxW02
                                                                                                                                                                              qKGpbOYShhN2 A}g5ke,=@0R6>P'wX_;llfww+C2S-`
                                                                                                                                                                              ds<LYnu46r1.(\R<=UN$2T-cA+W[TElZZKIkisy|9)NG)_#B?}j4GwJT*my*;;l32)).CEXsUm)GL5^rWd"pk/%di\:)a<.+VI[4$#&!$fb,F|RAFstt))a\9H@qH){>0
                                                                                                                                                                              K_#xCfY;l31%9xFUzD'rP){|7gC!R4$A4jR-B%,A+WID-rZ:d 1Jg'f,fs(bFhh^T{txP?0%lyj07=IeLC!Kj?CUirZ*fQZTF-A80$a/.K0c~[="uI''SHxJ1.+s;<;TM%OK&YUcS<@sE5xttZZsPY=6IbcmtQ<~TREP9s$pb%i~ WtefM{4%=~x^/#G.3.-e -
                                                                                                                                                                              OKBITK$+_FpmJG)/{;jj4/oOe<2$O/;d{_;~>#tCAAM:nIh:8-]QGCWKkN-l;:,==z"hNnMx;;ZI\*8ljwgw&/M4%E44b.8-]zNb!x9\n]WnSPN>-XOF &XpttOw=M=j4#c_/U,v"[<k{RcQ!AC3DG/GNK{Htii)A8`.7nMiJFFK3JgK&WE3AFs2x&#@!~AS"rX;lJ/%d=cK(JKr{FZG)_Gzy@*dR6FAZ2DeLyxaii"XTOwYqW~w8ivQFsk]"}aq3\`4k'y[~8+\$;aZzJcg==IuA< IM1?-22*HU<@CNCy/:-9/p]e)T6:K~qLA<Bq_R~>n;Z?@7]dswhCg?!UowNs<P(h
                                                                                                                                                                              :[D~s&
                                                                                                                                                                              G!7[z$-MGAlY4TWIhNqx'B&IPQp,:v-tb7-!E} 7t9)o4^WN'Hf
                                                                                                                                                                              +J Ruq r"IK{$tk8z)L*&5!toZWKWkc:-9eJCFsB`~{SfmVNzWgv'%s5t
                                                                                                                                                                              0hXTXQ*qbV


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                              12192.168.2.44975750.87.253.1104433412C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:52:39 UTC801OUTGET /wp-content/plugins/complianz-gdpr-premium/assets/css/cookieblocker.min.css?ver=1720730547 HTTP/1.1
                                                                                                                                                                              Host: shieldapps.com
                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                              Accept: text/css,*/*;q=0.1
                                                                                                                                                                              Sec-Fetch-Site: same-origin
                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                              Sec-Fetch-Dest: style
                                                                                                                                                                              Referer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                              2024-10-30 16:52:39 UTC344INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:52:39 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Upgrade: h2,h2c
                                                                                                                                                                              Connection: Upgrade
                                                                                                                                                                              Last-Modified: Thu, 11 Jul 2024 20:42:27 GMT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              Content-Length: 2782
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                                                                                                                                                                              X-Endurance-Cache-Level: 0
                                                                                                                                                                              X-nginx-cache: WordPress
                                                                                                                                                                              Content-Type: text/css
                                                                                                                                                                              2024-10-30 16:52:39 UTC2782INData Raw: 2e 63 6d 70 6c 7a 2d 76 69 64 65 6f 2e 63 6d 70 6c 7a 2d 69 66 72 61 6d 65 2d 73 74 79 6c 65 73 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 7d 2e 63 6d 70 6c 7a 2d 76 69 64 65 6f 2e 63 6d 70 6c 7a 2d 68 69 64 64 65 6e 7b 76 69 73 69 62 69 6c 69 74 79 3a 68 69 64 64 65 6e 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 63 6d 70 6c 7a 2d 62 6c 6f 63 6b 65 64 2d 63 6f 6e 74 65 6e 74 2d 6e 6f 74 69 63 65 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 2e 63 6d 70 6c 7a 2d 70 6c 61 63 65 68 6f 6c 64 65 72 2d 70 61 72 65 6e 74 7b 68 65 69 67 68 74 3a 69 6e 68 65 72 69 74 7d 2e 63 6d 70 6c 7a 2d 6f 70 74 69 6e 20 2e 63 6d 70 6c 7a 2d 62 6c 6f 63 6b 65 64 2d 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 20 2e 63 6d 70 6c 7a 2d 62
                                                                                                                                                                              Data Ascii: .cmplz-video.cmplz-iframe-styles{background-color:transparent}.cmplz-video.cmplz-hidden{visibility:hidden !important}.cmplz-blocked-content-notice{display:none}.cmplz-placeholder-parent{height:inherit}.cmplz-optin .cmplz-blocked-content-container .cmplz-b
                                                                                                                                                                              2024-10-30 16:52:39 UTC800OUTGET /wp-content/uploads/2022/03/palceholder.png HTTP/1.1
                                                                                                                                                                              Host: shieldapps.com
                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                              Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                              Sec-Fetch-Site: same-origin
                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                              Sec-Fetch-Dest: image
                                                                                                                                                                              Referer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                              2024-10-30 16:52:39 UTC605INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:52:39 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Last-Modified: Fri, 04 Mar 2022 21:10:28 GMT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              Content-Length: 322
                                                                                                                                                                              host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                                                                                                                                                                              X-Endurance-Cache-Level: 0
                                                                                                                                                                              X-nginx-cache: WordPress
                                                                                                                                                                              Content-Type: image/png
                                                                                                                                                                              PNG
                                                                                                                                                                              IHDRpHYs+tIME
                                                                                                                                                                              #dtEXtAuthorHtEXtDescription!#
                                                                                                                                                                              tEXtCopyright:tEXtCreation time5tEXtSoftware]p:tEXtDisclaimertEXtWarningtEXtSourcetEXtCommenttEXtTitle'IDATc?4IENDB`
                                                                                                                                                                              2024-10-30 16:52:39 UTC818OUTGET /wp-content/uploads/2015/03/box-shieldapps-cyber-privacy1.png HTTP/1.1
                                                                                                                                                                              Host: shieldapps.com
                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                              Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                              Sec-Fetch-Site: same-origin
                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                              Sec-Fetch-Dest: image
                                                                                                                                                                              Referer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                              2024-10-30 16:52:40 UTC8192INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:52:39 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Last-Modified: Tue, 23 Feb 2021 06:32:47 GMT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              Content-Length: 185712
                                                                                                                                                                              host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                                                                                                                                                                              X-Endurance-Cache-Level: 0
                                                                                                                                                                              X-nginx-cache: WordPress
                                                                                                                                                                              Content-Type: image/png
                                                                                                                                                                              PNG
                                                                                                                                                                              IHDR|jh|pHYs.#.#x?v
                                                                                                                                                                              OiCCPPhotoshop ICC profilexSgTS=BKKoR RB&*!J!QEEQ,
                                                                                                                                                                              !{k>H3Q5B.@
                                                                                                                                                                              $pd!s#~<<+"xM0B\t8K@zB@F&S`cbP-`'{[! eDh;VEX0fK9-0IWfH0Q){`##xFW<+*x<$9E[-qWW.(I+6aa@.y24x6_-"bbp@t~,/;m%h^uf@Wp~<<EJB[aW}g_Wl~<$2]GLbG"IbX*QqD2"B)%d,>5j>{-]cK'Xto(hw?G%fIq^D$.T?D*A,`6B$BB
                                                                                                                                                                              dr`)B(*`/@4Qhp.U=pa(Aa!bX#!H$ Q"K5H1RT UH=r9\F;2G1Q=C7Fdt1r=6h>C03l0.B8,c"VcwE6wB aAHXLXNH $47Q'"K&b21XH,#/{C7$C2'ITFnR#,4H#dk9, +3![
                                                                                                                                                                              b@qS(RjJ4e2AURT5ZBRQ4u9IKhhitNWGwg(gwLT071oUX**|
                                                                                                                                                                              J&*/TUUT^S}FU3SUPSSg;goT?~YYLOCQ_ cx,!ku5&|v*=9C3J3WRf?qtN(~))4L1e\kXHQG6EYAJ'\'GgSS
                                                                                                                                                                              M=:.kDwn^Loy}/TmGX$<5qo</QC]@Caa<FFi\$mm&&!&KMMRM);L;L5=12`ZxZ,eIZYnZ9YXUZ]F%NNgm}agbg}}=Z~sr:V:?}/gX3)iSGggsK.>.Jtq]z6i4)Y3sCQ?0k~OCOg#/c/Wwa>>r><72Y_7Oo_C#dz%gA[z|!?:eAAA!h!iP~aa~'W?pX15wCsDDDg1O9-J5*>.j<74?.fYXXIlK9.*6nl{/]py.,:@LN8A*%w%
                                                                                                                                                                              yg"/6C\*NH*Mz5y$3,'LL:v m2=:1qB!Mggfven/kY-
                                                                                                                                                                              BTZ(*geWf9+7KW-Xj9<qy
                                                                                                                                                                              +V<*mOW~&zMk^kU
                                                                                                                                                                              }]OX/Ya>(xodff-[nVE/(C<e;?TTTT6an{4[>UUMfeI?m]Nmq#=TR+Gw-6U#pDy:v{vg/jBFS[b[O>zG4<YyJTig}~.`{cjotE;;\tWW:_mt<O\kz{f7y9=zo~r'w'O_@AC?[jwGC8>99?rCd&/~m|x31^VwwO| (hSc3- cHRMz%u0`:o_FIDATxw\eO%B;"wDH!$!=lOqff7f7$aSz[<8
                                                                                                                                                                              "(
                                                                                                                                                                              "(
                                                                                                                                                                              "(
                                                                                                                                                                              "( 0P)>Y$$I\-IR$I3@#PoYVeYe,
                                                                                                                                                                              Kk&IxN$t@Skrn>hP"( 0e_,E8ugd2iTjZ2H$t:eYN0$:`.<9z`W,vwB\1AY,/ey$IXu\6tuuEoo/dl6K:"qh8W1_UD6{<IlW;- aITU]&It:]mmm.Rib6$^4(xx<N$AUU<+>8ay+Ge_~{Ag|g{N&Yioo\.H({?]D"TVVHT$}ldoI.b!]Q~w SU)r(2MwvAss3r9dYFQ.,h4[$~E&<]_1W$).|9OhW
                                                                                                                                                                              W,_fnmmmmoT*y((^$~*pJ*++D"(mI2kUDm!3{&2PlU(riB(0+ xRXQ3E2]4ml6r\Q+kXj***xWT)|pl!ODr?C*#lg2j\n]/~8zg,c/{U.}]^sULaro}4}5(g65Uxr1YvQ
                                                                                                                                                                              >E9YU7}Y{{_~7_A3HlFe TWW!_4I$<$0_:gPwHh~ :06q:IJB8]8!R4u{zzNeqFvM*BeTU0:8Dh4,M.#$I{|#\#0@cLq/
                                                                                                                                                                              P5;3b /% 'QEQ.T-t[^z%mF__"DQ*)
                                                                                                                                                                              yiJ=K@8JRi6OgO6@$I$n{Iq7^G( ,jvmohkka6nH{{;^x<NuuWYYI u]rR$<jHS*:<K&RTR<f9`F5pb b_ XPd1#XA$Ey(oO$_^{cL'r-^Bi8#r9
                                                                                                                                                                              NVtWPY8YdqOFhs2Ra`8;Je{y?&./SJc ,KUUuZZZ_6yiyA*++B_Er|BGv#E`' ?np&
                                                                                                                                                                              X8ByR_%'8(rIl1fWE/UUUeKP7Qo$Wn5$I{RU!a_lX*1ZRv'8]]Fbb?~uts,f@e@;W 4MBtuu~z^|E=TUEQ^(B$|'GXGX&epAXdpeY.G@]6.Nvpt_\
                                                                                                                                                                              +A</r]wzj6l@__,#2a_EEEmR&D5WQw(*, tL#lbpt{yXh(th]?d6nXuV2
                                                                                                                                                                              q`W<Dx4upDru$m"1!/@Q.:|a0aD .{p eOL&5kV\;qbXeY{IFzB*((wX+99XPWbp<|5dhAcxTyUgy={(JQFl`FSl'+$(I
                                                                                                                                                                              mdA$$$l.}\|_doR[KR<U1=c%xm "IR`&J88R@AC.4\-V
                                                                                                                                                                              >3477
                                                                                                                                                                              9s&X`08RnmDO{Q.g]{ueH$<B<#FTcTVFAH(*,!K2,Yt6Usd2#D]|:i3M9:m#>?&BWyW"EwA8"~uO>$DQ/^L(BU1s{ou8D-l{&p=:VdsXEWOoFBedYBQ]'
                                                                                                                                                                              D!*q*+c" HX,B(@44UEb**t{s&M?C(Ge0j66<1,-."B8_
                                                                                                                                                                              'w?lii9rp8K&c!!S*$dv
                                                                                                                                                                              89,K2>iYd{L:z|zxxESIP5c
                                                                                                                                                                              RRFcHa`:A@T$IJH~S,>0
                                                                                                                                                                              DZ`p_u,a#a'wuvv{u]fY
                                                                                                                                                                              >LdYBUGSs+[bg{1-EVPUo|s's-4'W<Y}0%EDtEH$L(
                                                                                                                                                                              aiUS}I"fq=qqBXzo?1@o9cd>xktc@#lSTLc{0PLqW"( 0
                                                                                                                                                                              ][y*Ij^+%2B'IRQCt:=m;hi N~;YzRx4p=l.G&{@s]48,
                                                                                                                                                                              D!*Q*+"hx4B0|j1zJHkdykN'ZG1nYlD^WA_(7O/PdgWn-av^SoG<=oJ=_fq,^a7Ka
                                                                                                                                                                              EKCCjiZp!zukql_1G^:;WBAN=AJjy$S)v45m.Mk['LITk1MiKb0ph pQ`TPR-} T
                                                                                                                                                                              wp$pr=.cq4&#Ey
                                                                                                                                                                              I*<[4nV*d_DP@#Z)<(
                                                                                                                                                                              9/w~U`u9GKKEKaWKKu"_-WK~BA]F>DF=Oy)9^q4r[<
                                                                                                                                                                              V:Tbpt0e~8:Y/~ dT/:O&inig]ln2,$
                                                                                                                                                                              8Kk#l_KqP4RTE%CA(D#xxp8_xI>{1Bhq_G9!_q#\n|<)lE-{A2V/ $ucVaaE9Eam;|XT%YFihX4B4WLWVD+98,-+aarXzu+tJm8*3{82We#zNk.=:tg=ua-:';r,P{O-,r,2"KBTTDCy`M4?,K{EZPU*T<Rcpj9t?'P
                                                                                                                                                                              869Pt*N^'5Xfc_H8Q5
                                                                                                                                                                              2024-10-30 16:52:40 UTC8000INData Raw: 59 92 49 67 32 ec 6e 69 63 fb ce 26 b6 6e 6f a2 b9 b5 9d 64 32 85 e7 79 be a1 b3 32 79 b9 7e e3 3c 2b 45 2b 17 81 c9 57 a8 fc 33 9e bf df 26 24 2c ed 21 e1 17 1a 19 01 83 a0 61 60 18 06 e1 50 a0 58 1d 5d 08 4b 57 c4 a3 c4 e3 31 22 21 bf 5a 3a 60 18 04 03 46 fe de 3d 78 c3 d2 c3 15 59 0c 55 01 c7 42 c2 f6 75 fb b1 90 cb 52 61 df b1 14 99 8c f5 3c 0d fd d9 48 1e 8c 65 86 95 c7 0b 23 ff 8a 03 8d 9e e7 ad 18 e6 7d 3d fc 90 73 1b 7e f5 73 81 38 16 c2 d1 3d 0c 74 7a 69 63 0a e5 2e 0a 22 28 20 30 45 48 df 48 a1 94 f1 0c 6a b2 2c e7 43 b9 2a b6 6d d3 d3 d7 47 d3 9e 82 a1 73 33 dd 3d a5 0c 9d a7 2e dc 83 80 05 4a 9e 8b 83 8b 27 6b 28 87 09 6b 1d 6b 58 da c9 87 a5 dd c1 d5 d2 9e 87 eb 0e 84 a5 b5 bc af 62 a1 5a 3a 1a 09 13 8b 45 89 86 43 44 22 e1 a2 2f 63 b4 60 e2
                                                                                                                                                                              Data Ascii: YIg2nic&nod2y2y~<+E+W3&$,!a`PX]KW1"!Z:`F=xYUBuRa<He#}=s~s8=tzic."( 0EHHj,C*mGs3=.J'k(kkXbZ:ECD"/c`
                                                                                                                                                                              2024-10-30 16:52:40 UTC8000INData Raw: fc f7 e9 95 9c 71 ea 89 cc 9b 3b 1b 4d d7 59 30 6f 36 6b d7 6f e0 7d ef 78 0b cf af 79 91 9d 4d 7b e8 ee ed e3 57 d7 ff 99 f9 73 67 73 c5 e5 af 66 de dc d9 cc 9c 39 9d 37 5f 71 19 cd 2d ad 3c f4 d8 bf 51 0b a1 de 9c 59 1c 80 1c c7 a1 a6 ba 9a 93 8f 3f 16 4d d7 68 ac af 63 63 5f 3f 86 a1 f3 f4 ca 55 3c fc f8 13 a8 8a 8a 61 e8 28 8a 4c a8 9c 16 70 87 dc 48 0e 92 23 a1 74 f9 c4 39 57 61 32 6d fa 34 1c cb e1 fd 1f fd 2c 8b 17 ce e7 0d 97 5d c2 07 3f f9 05 3e f7 c9 0f f1 f6 37 bf 01 d3 cc f1 d9 6b bf 41 65 65 05 c7 1c 79 04 75 75 d5 84 43 21 34 55 c5 71 1d 96 2e 5e c8 b2 a5 8b b9 ed ae fb 79 e0 e1 c7 f1 3c 9d f9 73 20 ac 59 d8 96 47 7b 57 10 59 2a 3d 71 58 b6 cd 45 e7 9d c9 69 27 1f 4f 6f 5f 3f 37 ff f3 76 62 d1 48 fe f7 10 0e 05 d9 b1 73 37 db 76 ec e2 88 25
                                                                                                                                                                              Data Ascii: q;MY0o6ko}xyM{Wsgsf97_q-<QY?Mhcc_?U<a(LpH#t9Wa2m4,]?>7kAeeyuuC!4Uq.^y<s YG{WY*=qXEi'Oo_?7vbHs7v%
                                                                                                                                                                              2024-10-30 16:52:40 UTC8000INData Raw: e3 5f 39 f5 a4 e3 79 c7 5b ae 60 eb f6 9d bc bc 79 1b 3b 76 ee 46 51 55 6c db a6 ba aa 92 ae ee 5e 34 4d c5 b2 2c 1c c7 ef 40 a2 6b be 5d 8d eb ba e4 4c 13 55 51 f6 ca 35 b4 91 58 66 a6 39 21 9b 60 96 95 23 25 2b 2c b0 b2 9c 9c 4d b0 53 d5 49 cb a5 8b 37 e4 ac 84 67 0c 88 8a 92 29 21 59 12 9e e1 0d db a8 44 02 34 cd 41 d3 9c c3 e2 d1 28 b7 0a 78 22 c9 62 39 aa 60 b9 fb 34 d9 66 d8 53 2d 5f 50 10 41 01 81 29 00 5d d3 d8 b9 ab 89 af 7e f3 47 cc 9a 31 8d 37 bc ee 12 ce 3e e3 14 36 6d de 8a 22 cb a4 33 19 ea ea aa 69 a8 af a3 a2 22 ce ec 99 d3 99 3f 6f 36 47 1f 79 04 0f 3c f2 5f fe f9 ef ff 60 18 06 2d ad 6d d8 b6 cd 0d 7f fd 27 aa aa a0 6b da 21 12 12 ce 0f cc 53 2d e1 5a 02 37 e0 a1 24 14 62 37 86 e1 59 0f e5 d2 24 b7 9b b3 b9 e3 e1 b9 bc b8 a9 16 d7 95 08
                                                                                                                                                                              Data Ascii: _9y[`y;vFQUl^4M,@k]LUQ5Xf9!`#%+,MSI7g)!YD4A(x"b9`4fS-_PA)]~G17>6m"3i"?o6Gy<_`-m'k!S-Z7$b7Y$
                                                                                                                                                                              2024-10-30 16:52:40 UTC8000INData Raw: 23 9f 17 d8 de d9 45 22 99 22 18 08 10 0a 06 d8 d3 d2 86 eb b8 20 49 68 9a c2 bc 99 b3 58 fb d2 46 ea 6b 6b b0 2c 8b fe 64 02 2d ef 1b a8 aa 0a 8d 0d 75 24 93 69 1c c7 2d cb 6c 55 91 65 1c d7 45 51 64 5c d7 c3 34 4d 5c 0f 02 86 fe 8a ea dc 52 84 70 22 2a f4 46 eb 12 32 1e 68 9a 4a 77 6f 2f 3f f9 e5 0d 6c cc ab 6e 05 35 d7 74 4d 0c dd 20 10 30 70 1c 97 5c 2e 87 65 d9 28 8a e2 f7 53 06 5e da b4 85 55 ab 5f e4 8d af bb 98 b7 5d 79 19 e9 4c 66 42 27 0b db 76 78 fd 6b 2e e4 fc b3 4e e5 85 75 2f 71 d3 2d 77 62 59 83 34 40 e9 f0 26 7d 62 bc 19 1f 0a f9 c1 02 07 1f d9 15 44 50 40 e0 20 7a c8 ab aa 2a 5e a1 e8 15 ec 5c 0c 43 27 10 30 8a b9 7b b2 2c b3 7b 4f 2b 91 70 90 78 3c 56 34 8b 96 65 99 ae ae 1e 32 d9 2c b2 a2 50 5f 5b 4d 20 60 d0 d2 da 41 30 68 90 4e 67 c8
                                                                                                                                                                              Data Ascii: #E"" IhXFkk,d-u$i-lUeEQd\4M\Rp"*F2hJwo/?ln5tM 0p\.e(S^U_]yLfB'vxk.Nu/q-wbY4@&}bDP@ z*^\C'0{,{O+px<V4e2,P_[M `A0hNg
                                                                                                                                                                              2024-10-30 16:52:40 UTC8000INData Raw: a2 1f 89 68 a4 24 27 b3 7c c9 02 5e 7e e3 12 92 28 d2 da d6 3e 48 81 40 51 14 ea 2e 35 b0 79 eb 0e 02 7e 1f 5a 44 e3 ee db 37 f0 bb 4f 7d 18 01 62 dd 62 6e 58 b9 8c 05 f3 ca f8 9b 7f fc d7 2b cf 57 14 b9 f7 8e 9b b9 71 ed 0a fe fa 1f ff 85 d6 f6 0e 74 4d e7 be bb 36 72 d7 ad 37 a1 45 34 74 dd 40 14 04 9e fa e8 c3 6c dc b0 96 df fc f6 0d aa aa cf 21 20 52 56 52 cc fa b5 2b 28 2b 29 8e 75 92 19 c9 c3 36 da 9c c0 c9 b2 4b f1 3c 7f e3 29 3e 99 6c fb e7 11 41 0f 1e a6 89 17 6e ba 49 b2 8c b7 2d d3 44 1b af a9 90 74 18 ee dc f7 dc 71 33 7b 0f 1c c5 72 dc 30 58 6b 7b 07 ff fd d3 5f f3 a7 ff e3 b3 a8 d1 5e bd 43 41 12 45 02 01 3f c7 4f 9d e1 d0 d1 93 3c 7c ff 1d 71 73 b1 5c 3f 96 c3 ea 15 8b 79 77 fb 1e 64 49 a2 a6 b6 9e d6 b6 0e 4e 9d 3d e7 86 36 1d 87 b9 a5 b3
                                                                                                                                                                              Data Ascii: h$'|^~(>H@Q.5y~ZD7O}bbnX+WqtM6r7E4t@l! RVR+(+)u6K<)>lAnI-Dtq3{r0Xk{_^CAE?O<|qs\?ywdIN=6
                                                                                                                                                                              2024-10-30 16:52:40 UTC8000INData Raw: 91 1d d6 41 0a 84 1c 16 08 65 2c 13 16 50 28 e4 a0 a0 62 62 91 48 16 d0 74 49 66 1f ed e2 2a cb 32 75 97 2e 73 f0 c8 71 02 01 3f 96 65 23 08 02 9f ff f4 93 dc b8 76 05 ba 6e 60 45 17 bf 82 fc 5c 16 55 56 f0 e0 3d b7 f2 f5 6f ff 27 87 8e 9e 44 10 85 98 77 70 2a f4 dd fa de 9f df a7 f2 f9 4f 7e 94 17 5e 7d 0b 4d d7 79 f4 81 bb c9 ce ca 40 d3 f4 b8 f9 4a 3e 9f ca d3 cf be cc 1b 5b de 27 14 0e 33 2b 2f 97 9b d6 ae c0 61 ec d2 38 a3 4d e2 ef eb 91 1b cd 78 0d 15 ce 1d cb b8 4f 97 b9 3a 99 de ba a1 74 13 47 d3 76 6f 20 26 8a 04 4e 57 ed d3 b1 de df 74 26 81 1e 11 f4 e0 61 1a 19 76 51 14 47 34 34 89 7a 11 1c c7 01 45 71 25 4d 0e 1c c0 7a fb 6d 68 6c 74 49 a1 cf d7 d7 b2 e1 e8 3a 3a 2a 1a 3a 7e 14 44 ae 54 ed 09 80 1c fd cf c1 e1 a2 d3 40 8d 73 91 ad ec a5 58 98
                                                                                                                                                                              Data Ascii: Ae,P(bbHtIf*2u.sq?e#vn`E\UV=o'Dwp*O~^}My@J>['3+/a8MxO:tGvo &NWt&avQG44zEq%MzmhltI::*:~DT@sX
                                                                                                                                                                              2024-10-30 16:52:40 UTC8000INData Raw: 91 b3 6c d7 b3 d9 9b 2f 99 c8 33 8c 77 be 89 ea 48 32 d6 9e af c3 91 c7 99 3e 2f af 56 1f dc 89 2e 4a 19 ce 46 8c 56 ac 7a 60 7b cb 89 78 c6 63 25 9c 93 09 4f 50 da 83 87 99 48 08 6c 07 5f 50 41 13 7d 58 0e 74 86 6c 74 73 b0 b8 70 6f 8e e0 b7 be f5 2d ce 9e 3d cb 5f fe e5 5f f2 f9 cf 7f 9e d7 5e 7b 8d 6f 7c e3 1b dc 7f ff fd fc e9 9f fe 29 67 ce 9c e1 17 bf f8 05 d5 d5 d5 a4 a5 a5 f1 95 af 7c 85 9c 9c 1c be f6 b5 af b1 7d fb 76 7c 3e 5f 1c 83 2d 00 26 92 d0 06 48 80 85 65 67 e2 38 12 93 d5 f5 62 26 57 98 8e b4 28 0c f4 04 c4 23 c2 43 91 e8 be df 1d e8 59 18 89 1c 0e b5 f8 5c f9 ac 93 d0 f7 fa 7e c6 b6 6d 0c d3 44 d3 75 34 5d c7 34 cd 51 3f b7 be d7 df f7 3e 46 f2 c8 0d f7 fd a1 ae 7d 50 35 7c 9c ef 25 f2 99 99 3c 37 c7 43 02 a7 5b 6b b7 91 2a 82 87 6a 2f
                                                                                                                                                                              Data Ascii: l/3wH2>/V.JFVz`{xc%OPHl_PA}Xtltspo-=__^{o|)g|}v|>_-&Heg8b&W(#CY\~mDu4]4Q?>F}P5|%<7C[k*j/
                                                                                                                                                                              2024-10-30 16:52:40 UTC8000INData Raw: c4 5d b7 6d e0 7c 6d 1d 35 e7 eb 10 45 91 59 79 39 1c 3a 7a 92 82 fc 5c f2 f3 72 38 71 ea 0c aa a2 90 95 95 c1 f3 2f bf 89 16 2d 26 52 15 05 c7 76 c8 cc 48 23 39 29 c8 e9 33 35 c8 a2 48 7e 5e 76 2c a7 d4 f5 e6 f6 21 c5 0e 38 38 e8 ba 81 aa b8 61 7f 4d d3 51 14 25 b6 39 70 a2 73 4c 92 25 82 c1 20 86 69 02 8e 5b 15 8f 10 0b cb 1a a6 c9 e1 a3 27 a9 bb 74 99 48 24 42 49 71 21 65 25 c5 6c df 73 80 a6 16 37 7c 1f 0c f8 b9 dc d8 cc 6f 5f 7d 1b 41 14 68 6e 69 63 fe dc 39 14 e6 e5 22 89 22 8e ed 50 54 90 c7 85 da 7a 02 01 3f b3 f2 72 e8 ec ec a6 a4 b8 00 d3 b4 48 49 49 22 33 23 8d c6 a6 56 f2 72 b2 99 95 97 83 00 e4 e6 64 d1 d2 da 4e fd a5 46 54 55 65 e7 de 83 74 75 f7 70 e9 72 23 a5 c5 85 98 58 53 46 e4 46 43 f0 86 6b c3 e7 11 41 0f 1e 3c 4c 2a 29 f4 da 25 4d ee
                                                                                                                                                                              Data Ascii: ]m|m5EYy9:z\r8q/-&RvH#9)35H~^v,!88aMQ%9psL% i['tH$BIq!e%ls7|o_}Ahnic9""PTz?rHII"3#VrdNFTUetupr#XSFFCkA<L*)%M
                                                                                                                                                                              2024-10-30 16:52:40 UTC8000INData Raw: f9 ef 11 cd e9 41 22 47 7a a6 c3 a5 6c 5c eb e3 31 1a fb 15 4f 7b 75 38 a9 b0 a9 1c 47 8f 08 7a f0 30 d3 0d 14 32 66 db 01 92 c4 a3 68 11 91 e4 8a 45 9c 3a 3d 9f b6 0b 9b 59 b2 46 27 98 9a 86 a9 3b 60 8d 55 bb 0b 4c dd 41 92 15 16 de a0 d0 74 f1 08 07 5f af 67 fe 86 8f 90 53 28 12 69 3f 8d 11 31 b0 f5 30 c1 bc 52 94 40 d2 20 89 99 c9 30 6a 89 b4 cb 9b 28 62 38 12 61 9f e2 0e 03 d3 ca fb 31 9e 85 73 28 12 31 30 07 d2 c3 d5 dd b8 4e c5 1c ba d6 bc 89 a3 f1 da 4f 04 e9 f4 88 a0 07 0f d7 91 81 ed 0b 51 52 71 04 3f b2 2f 99 bc 9c 1e fc 99 cb 39 76 60 36 5a f3 2b ac b8 c9 07 52 c0 25 81 13 72 cd 60 e8 90 5d 98 4a 30 a5 83 23 3b 7e 82 b1 e6 29 e6 af 5c 82 63 ab 34 d5 35 12 b1 6d 1c 26 c7 88 8d a6 2f f2 ff cf de 7f 87 c9 71 a5 67 9e e8 ef 9c 30 e9 cb 3b 14 bc f7
                                                                                                                                                                              Data Ascii: A"Gzl\1O{u8Gz02fhE:=YF';`ULAt_gS(i?10R@ 0j(b8a1s(10NOQRq?/9v`6Z+R%r`]J0#;~)\c45m&/qg0;
                                                                                                                                                                              2024-10-30 16:52:40 UTC651OUTGET /wp-content/themes/shield-apps2/css/icomoon/icomoon.ttf?dzxhyb HTTP/1.1
                                                                                                                                                                              Host: shieldapps.com
                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                              Origin: https://shieldapps.com
                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                              Accept: */*
                                                                                                                                                                              Sec-Fetch-Site: same-origin
                                                                                                                                                                              Sec-Fetch-Mode: cors
                                                                                                                                                                              Sec-Fetch-Dest: font
                                                                                                                                                                              Referer: https://shieldapps.com/wp-content/themes/shield-apps2/style.css?ver=1.0.1
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                              2024-10-30 16:52:40 UTC3651INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:52:40 GMT
                                                                                                                                                                              Server: nginx/1.25.5
                                                                                                                                                                              Content-Type: font/ttf
                                                                                                                                                                              Content-Length: 3316
                                                                                                                                                                              Last-Modified: Thu, 15 Aug 2019 07:49:20 GMT
                                                                                                                                                                              host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                                                                                                                                                                              X-Endurance-Cache-Level: 0
                                                                                                                                                                              X-nginx-cache: WordPress
                                                                                                                                                                              X-Server-Cache: true
                                                                                                                                                                              X-Proxy-Cache: EXPIRED
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              0OS/2`cmapVTgasppglyf(
                                                                                                                                                                              xhead
                                                                                                                                                                              [G
                                                                                                                                                                              T6hhea
                                                                                                                                                                              $hmtxD
                                                                                                                                                                              PlocaTH*maxpO, nameJLpost 3@@@ 8
                                                                                                                                                                              797979f
                                                                                                                                                                              #"34&##"34&#"34&fffff3@@'3"1032>10.".54>324632#"&jPPjjPPj5]F((F]55]F((F]K55KK55K@vvzzzzvv(F]55]F((F]55]F(5KK55KK%nH+"'&5&547632#"'&'&'&#"#"'&547676323276767632%%$I{X"$$((*m
                                                                                                                                                                              !i=65H$$%*,*%LBSE!35#35#35#!5!5!!5!@@@@U*+
                                                                                                                                                                              7!!3!TTV*7'.'7#%5@@;2cN@@@@2;N,8I%2+"3!2654&+"&5463!2654&#!"3!74632#"&!2#!"&5463k U$22$#22#U I 2##22#j#2KL'&4762"'&4?3





                                                                                                                                                                              VU 0654'&#"3476323475#2#"'&5476(22FF22T""42T22T*}}}}}}}}(8F2222F"""66BB6TT}}}}}}}}` `*"32>54."/1'&4?62762VqAAqVVqAAq)v)`AqVVqAAqVVqA)w)f*!"3!2654&!"3!2654&!2654&#!"3Hpp[p3%Z6B#"'&'&'&5476767632&#"32767676767#5!%##5#5353521\\wUNN88!!!!88NNUuqCdF<<####<<F/((xxwwxw]\54!!88NNUUNM88"!nm@##==HH==#$$"FxxxxwwI%;#"'327&'&'327&'&=&'&547&5476326767'6,,=>VVbe<0/@**',&Eccr66MP6?7<658(JJJDD45SO#$832C)(02+U34M66;!B$6$#"3###53547632$Z1;<cT.)lN|k:;nb9#37+"'&547632#4'&#"#654/3#6767676320//01$$b;<R7***5/<""S [TRUNCATED]
                                                                                                                                                                              R2LzL2nM`6uK
                                                                                                                                                                              g=| R
                                                                                                                                                                              4icomoonicomoonVersion 1.0Version 1.0icomoonicomoonicomoonicomoonRegularRegularicomoonicomoonFont generated by IcoMoon.Font generated by IcoMoon.
                                                                                                                                                                              2024-10-30 16:52:40 UTC819OUTGET /wp-content/uploads/2015/05/box-ShieldApps_Webcam_Blocker1.png HTTP/1.1
                                                                                                                                                                              Host: shieldapps.com
                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                              Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                              Sec-Fetch-Site: same-origin
                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                              Sec-Fetch-Dest: image
                                                                                                                                                                              Referer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                              2024-10-30 16:52:41 UTC8192INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:52:40 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Last-Modified: Tue, 23 Feb 2021 06:37:05 GMT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              Content-Length: 189682
                                                                                                                                                                              host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                                                                                                                                                                              X-Endurance-Cache-Level: 0
                                                                                                                                                                              X-nginx-cache: WordPress
                                                                                                                                                                              Content-Type: image/png
                                                                                                                                                                              PNG
                                                                                                                                                                              IHDR|jh|pHYs.#.#x?v
                                                                                                                                                                              OiCCPPhotoshop ICC profilexSgTS=BKKoR RB&*!J!QEEQ,
                                                                                                                                                                              !{k>H3Q5B.@
                                                                                                                                                                              $pd!s#~<<+"xM0B\t8K@zB@F&S`cbP-`'{[! eDh;VEX0fK9-0IWfH0Q){`##xFW<+*x<$9E[-qWW.(I+6aa@.y24x6_-"bbp@t~,/;m%h^uf@Wp~<<EJB[aW}g_Wl~<$2]GLbG"IbX*QqD2"B)%d,>5j>{-]cK'Xto(hw?G%fIq^D$.T?D*A,`6B$BB
                                                                                                                                                                              dr`)B(*`/@4Qhp.U=pa(Aa!bX#!H$ Q"K5H1RT UH=r9\F;2G1Q=C7Fdt1r=6h>C03l0.B8,c"VcwE6wB aAHXLXNH $47Q'"K&b21XH,#/{C7$C2'ITFnR#,4H#dk9, +3![
                                                                                                                                                                              b@qS(RjJ4e2AURT5ZBRQ4u9IKhhitNWGwg(gwLT071oUX**|
                                                                                                                                                                              J&*/TUUT^S}FU3SUPSSg;goT?~YYLOCQ_ cx,!ku5&|v*=9C3J3WRf?qtN(~))4L1e\kXHQG6EYAJ'\'GgSS
                                                                                                                                                                              M=:.kDwn^Loy}/TmGX$<5qo</QC]@Caa<FFi\$mm&&!&KMMRM);L;L5=12`ZxZ,eIZYnZ9YXUZ]F%NNgm}agbg}}=Z~sr:V:?}/gX3)iSGggsK.>.Jtq]z6i4)Y3sCQ?0k~OCOg#/c/Wwa>>r><72Y_7Oo_C#dz%gA[z|!?:eAAA!h!iP~aa~'W?pX15wCsDDDg1O9-J5*>.j<74?.fYXXIlK9.*6nl{/]py.,:@LN8A*%w%
                                                                                                                                                                              yg"/6C\*NH*Mz5y$3,'LL:v m2=:1qB!Mggfven/kY-
                                                                                                                                                                              BTZ(*geWf9+7KW-Xj9<qy
                                                                                                                                                                              +V<*mOW~&zMk^kU
                                                                                                                                                                              }]OX/Ya>(xodff-[nVE/(C<e;?TTTT6an{4[>UUMfeI?m]Nmq#=TR+Gw-6U#pDy:v{vg/jBFS[b[O>zG4<YyJTig}~.`{cjotE;;\tWW:_mt<O\kz{f7y9=zo~r'w'O_@AC?[jwGC8>99?rCd&/~m|x31^VwwO| (hSc3- cHRMz%u0`:o_FIDATxwxp%6`{%HR%$:I@`pl,Yni[T,r=;9s{A @!] @ DP @ DP @ DP @ DP @ DP @ DP @ DP @ DP @ DP @ DP @ DP @ DP @ DP @ DP @+Q.v{k$IdY$P@/PhFa9ad,KWEx$e%J0++7*l6%m@3[@ "(z<LQ8= B@ @KK---a,DQTn7 [TRUNCATED]
                                                                                                                                                                              $YecY+D0M@P*Z`w[ {5$QUu$ISBqLDJ$IB4rssc&U56PSSC4ETUrX$,qpg^uG&2y&q,5@ DP h%>fHdreee7S^^NMMb1lF";'\.-6Sf-hjj,TUEQnwox-vPOk:Dt1NSJ YrE9DQ#R6oLSSXYQUUqQG^^CMu}& iPw%o]a$%qSzIYHG(
                                                                                                                                                                              !.ih%%%l*B(
                                                                                                                                                                              zZl"77K8lS9_d0LUQQU;[2)Tt3^@ DP lE9TQc6mvZ_Ouu5X,u -~BeF/]T^A(AK|UIX
                                                                                                                                                                              wp}`oeC.NknH7&e1)]A`AVegyJMMbV^TrJldee'nTnfe__Bmm(.4"St_Q JT:zZb{!B9$4TV^Myy9PYQ*smFur"dkgc&[pEBUn(. 7yvZimSOk:D:D1)v@ DP ~PXEQG_>so#_MVV&R}C3o+*FHhs0'yu]FIq,5DttLZ@@ <EsM<zUXz55556-m=qIee5[2$4UQqvu{!70 y
                                                                                                                                                                              ttHb*E~Q "(vX$)KQE(b
                                                                                                                                                                              mDdYNF 3#4@(_A*L qTUE\}@r>SikI`R'8;ajK!fd@@ YzmVVV[bV>-r}|$444`rJJKdWNG{vQ,f[.0m#RXnNd!v@ DP PE9FUKW.Yd$Iv;aQUSE(Ijhl6UjEooCbKw]IAl!Q9)F+h(
                                                                                                                                                                              ?8r5M;SK_b/:=r:>EI+C88..km=VPUtO0mlZuS\@@ $[/^UVhinn#`5mDmmdUu).Km'2<`t7hn}::h@JG DP 2UxWg/\p\*iQWHYyill4-C~zd$mJrv)a61Z M$
                                                                                                                                                                              ]*H_lIn/!3Ek#YK,q7M6%R^/^H4
                                                                                                                                                                              +*%I6vNvm-$L\Q0"`NhMG]H"JG:Z "(81)?]p{yTWW!2.`05\YEm]=hIEQ5}>o2],((XNj)#
                                                                                                                                                                              OlLaISQh[^A%#5MC<?oP^^aajj4e)!;IPE>/G^^abYNMF!=HJ!5$o.IQ5"]B~uZI...Yz5M74SWWO0-ENb]!I`:+,Ih"KeYHNSq\GIaWK7lcIabuRH-b

                                                                                                                                                                              ,X@IIY`0L<qH* Q?PeUOS9)p[9$-#|mfGdYR:b(bJ;nw3`|7e:4y"uL=h#DP <}l~ooY7UUx=!~[EESTEAvbv-]_J>mt*%Q`fTO@R7N%-.vA@ve,]v_GQUMUEdq;)zeL(JmKhv&BT+:5]Eb6JG7(I+"(.N=s?^IF55%U){wU#tN]gi vNEZZL]&ummuJ"(h/r*H{;]~X$'iV:-1ii";y6m$"imSI"XE"
                                                                                                                                                                              !~v9|vQd)SUTEAvtm8t4
                                                                                                                                                                              vV:)d8V:D::zGAc! &'/O;-yaL_V-"-tl@uNmR
                                                                                                                                                                              IKITJ$N>.DP )sW`Vk"FqgUKw6&^DndZU:Vh!Q@ YM/~tCgyv~aLIjQ:0
                                                                                                                                                                              v3V:)dTtDUt*L~]JNXF
                                                                                                                                                                              ;Q;vQDCoD^aL]PlMF2vqkF.e26s58Nz]"(YE&Km,iZr<iN?C@ee/O[[tWyjin:'oMviNJaS]RmtZ1a"(xNtRE_"%'% {l_tCOI;HfF7S=Q-6Q:EZZJR6-Db&/r!'s%Uk[6'R;sL89qky=n/qIBw0Bxw,jwgiiQ--Ml??A@cd8#l=Y`dN#{03TKm`#3ba>d\}mQ-D$%Y_Q`eB~Lo,*
                                                                                                                                                                              _MCwk=t9M<c)Qz8C eG$3sY~52!U+mme+A(]z
                                                                                                                                                                              '4.EMV*?ib6nn7NDjwFdIXG"#k )VPzI#qI0%e;?UU^SR--!$I.Py@~mc&EE~ZzILr,-X`Hm$5dPkZpQ^&|GLGcGrldIcZz[fKZZBJrHIX%j,+HRBg,5MSs9)S!##Ycp]EXJaWcF Q$LXJhPC%8fGy/s%_,CDp;'L+_>ai_b1AZ
                                                                                                                                                                              SliJGux,CU5$Ica|||N<x_z'<`0&<10<@54d; ENNG}O$qcQ$ "IZ<IbbqLLQEAQTdYF[/ Rz69$YIT*'t]kw<GTUiwjamH1c1M]/x&
                                                                                                                                                                              2024-10-30 16:52:41 UTC804OUTGET /wp-content/uploads/2020/02/partner_logos_c.png HTTP/1.1
                                                                                                                                                                              Host: shieldapps.com
                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                              Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                              Sec-Fetch-Site: same-origin
                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                              Sec-Fetch-Dest: image
                                                                                                                                                                              Referer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                              2024-10-30 16:52:41 UTC8192INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:52:41 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Last-Modified: Fri, 07 Feb 2020 17:48:49 GMT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              Content-Length: 26000
                                                                                                                                                                              host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                                                                                                                                                                              X-Endurance-Cache-Level: 0
                                                                                                                                                                              X-nginx-cache: WordPress
                                                                                                                                                                              Content-Type: image/png
                                                                                                                                                                              PNG
                                                                                                                                                                              IHDR
                                                                                                                                                                              pHYs.#.#x?v
                                                                                                                                                                              OiCCPPhotoshop ICC profilexSgTS=BKKoR RB&*!J!QEEQ,
                                                                                                                                                                              !{k>H3Q5B.@
                                                                                                                                                                              $pd!s#~<<+"xM0B\t8K@zB@F&S`cbP-`'{[! eDh;VEX0fK9-0IWfH0Q){`##xFW<+*x<$9E[-qWW.(I+6aa@.y24x6_-"bbp@t~,/;m%h^uf@Wp~<<EJB[aW}g_Wl~<$2]GLbG"IbX*QqD2"B)%d,>5j>{-]cK'Xto(hw?G%fIq^D$.T?D*A,`6B$BB
                                                                                                                                                                              dr`)B(*`/@4Qhp.U=pa(Aa!bX#!H$ Q"K5H1RT UH=r9\F;2G1Q=C7Fdt1r=6h>C03l0.B8,c"VcwE6wB aAHXLXNH $47Q'"K&b21XH,#/{C7$C2'ITFnR#,4H#dk9, +3![
                                                                                                                                                                              b@qS(RjJ4e2AURT5ZBRQ4u9IKhhitNWGwg(gwLT071oUX**|
                                                                                                                                                                              J&*/TUUT^S}FU3SUPSSg;goT?~YYLOCQ_ cx,!ku5&|v*=9C3J3WRf?qtN(~))4L1e\kXHQG6EYAJ'\'GgSS
                                                                                                                                                                              M=:.kDwn^Loy}/TmGX$<5qo</QC]@Caa<FFi\$mm&&!&KMMRM);L;L5=12`ZxZ,eIZYnZ9YXUZ]F%NNgm}agbg}}=Z~sr:V:?}/gX3)iSGggsK.>.Jtq]z6i4)Y3sCQ?0k~OCOg#/c/Wwa>>r><72Y_7Oo_C#dz%gA[z|!?:eAAA!h!iP~aa~'W?pX15wCsDDDg1O9-J5*>.j<74?.fYXXIlK9.*6nl{/]py.,:@LN8A*%w%
                                                                                                                                                                              yg"/6C\*NH*Mz5y$3,'LL:v m2=:1qB!Mggfven/kY-
                                                                                                                                                                              BTZ(*geWf9+7KW-Xj9<qy
                                                                                                                                                                              +V<*mOW~&zMk^kU
                                                                                                                                                                              }]OX/Ya>(xodff-[nVE/(C<e;?TTTT6an{4[>UUMfeI?m]Nmq#=TR+Gw-6U#pDy:v{vg/jBFS[b[O>zG4<YyJTig}~.`{cjotE;;\tWW:_mt<O\kz{f7y9=zo~r'w'O_@AC?[jwGC8>99?rCd&/~m|x31^VwwO| (hSc3- cHRMz%u0`:o_FZIDATxw]UZ{S'tBoE(VPX;]zX_(B !!}&{OdgDUSAT]T]T:T:T:AW:AW::::NuNuNuNuNuTl7_Nr/{R$"1(J)BU^"1bcOgAUPTzJ"DB%)&lb<wyUpy]wwpsD0UA1=chpQDY[fY)IB5%o-Z ;RABx&[N"3FL^j9 [TRUNCATED]
                                                                                                                                                                              }K:T9/fy`,>
                                                                                                                                                                              ^zcXni4Qted&-Z\0\:XSEDn\(\Tf[1^R(=E?uA<``.ne%a."'W`/ABdRTD6,UG'OdM?fApaAuSdA7E0"FAZLC%nI]fE^Ti.?_@R!(< <MKss~Hm"k' p#w`yxcL,"H`MZiA'0y0/867XunUQLPnhb0'dpE3~GTF=t=$Lx1tJ=;#L|9U`8E/qO
                                                                                                                                                                              J*~g?Bk
                                                                                                                                                                              vLmA^,|9kYiI]S@'kGl'Zblq?LUOGudNxPp*}NQ}XgXu~&+>k%05Ft fNG1'Hd^ As"dr_t"9cLNqF8vyk2iT=m"ysc^&r!}.ViWos5(E;:4AlIAAO/REpP@GoIP1+XnA1WVs7&A0<lj!E.L>x}S5',uJzz}Wovt}xXteJs)bbsSbrsW$q|vbYV6vwUw}sU*]}@7gG^K_tLtoe}p
                                                                                                                                                                              BOQcfJ20(]<]<=>:;s{tCmcNAS3<Maybt'`>b'
                                                                                                                                                                              ~\s!j3C$T1=!qD#zw}R$UAp|cdf,hm}[.2Gz{Y300[,~_j#GVa1#hc~*=MMNN7un];zzu}nfgtQ ^)@bWV7)
                                                                                                                                                                              RD3o{)bQOr"RYjn6kH51{m?qG?*m;#R=)|mb Mo;%\p(&Vag8 X<qLee+{ttz::r7x_*svJ%]$6hfAeQ6~|mS6P(
                                                                                                                                                                              0|OKngM@Gp"
                                                                                                                                                                              k:q _2o-c #GUokNU'?~XBA=8~G3dhD6-l
                                                                                                                                                                              P|$\<\0M0egrCAin|`W{!+p
                                                                                                                                                                              MS_*'2."TW(!C'I"k)!ki"1'5=14XKoO]c>:osQUiN*Z{\h-x`qy7T32sm0$46&!))EIx=2zc$hB_PeN:
                                                                                                                                                                              amCjt\bMg\yW5t<EDC9t$%L.c(1\`1T9ljlh@T")J0#g4!7.]7|mHoO.rEiccEe?s,)!tq
                                                                                                                                                                              t_tvz2o]K7J`[Tugr~`jsZBJ5|$Ha{Ek*Ird-Mm'%Irxx|QBAo7}iJ%V
                                                                                                                                                                              9{82R_$\}MFP(H"b#'2
                                                                                                                                                                              -s~w0{tK:Ry%]oSD&`DlQ&UTW0
                                                                                                                                                                              =cq>\QeP
                                                                                                                                                                              b[QXzR1qFjr-Vpq[c!H`&EO_1"l/
                                                                                                                                                                              1W6M;uP>;>S69ch7r[
                                                                                                                                                                              <`*Ax0f*s+kz~+tm9wCQ871OEU9>0c0>0ge,]]ZYDgs)DRsTJtUv<R=kK,0HyrUX0B5xcDY1OC`{$>myG?GVoRr0IRpdh\
                                                                                                                                                                              (Jb.7VP$v1bZZt<q}:ki_dLV5qU?\xYF{eY1N-KJXbf5\{ymCp)4sNr5"GHAR;,9n%02<"[y/\ /;do?vWtr#ts&~{*kU_{kRyR.f}`m:D3g2H8b'" ~M]s1{y\8}+r{uoR(|SEN2"J>IQ?=CoD"iaZis+McFI#HAbEL5j3:H`ecs3g>2UGc#>F:<[.(>?JtlTdJ]aCiB`FXa QN?zW~sawQ(FXKo8W<k=U?:Cllc#&GUF=-/"mIjW1_ykm]Jo7Efr.8WmBJW+|BUU#c/LK\ikCEPACU9M9BCc$c3_^9]tK5_W
                                                                                                                                                                              7v+nrM:O~W?8&n8sem:" CXx5522a@X+3|}SCgxG69Cg{ Ma#x,YO1FP-n@9Bm7F8s"1I> W*}-O7mmm1m 8
                                                                                                                                                                              oZZjs.\"$JUwi(@VNaXKwe\e:<<IT@W~]P*>~Z*?8N]G;AAN=9o2VHk[ ^eZ)U/EvCdzYsz*~za@8-97M1yu6Xy][MQzXj)3`RYkKn+j`hH_a
                                                                                                                                                                              j^ 65pR="}H9qBkATjBN&ZCPC4l+"$S_797];o-C@q~VN)<!.
                                                                                                                                                                              jiao_Cqf/,*56/*80&!ISLwA*B+Hj@vk/r`t+C`B@L{S#cy{*lYm4LZUbuwhM|yOzj'1`tEi.$Ux$qj+Bk!"k=M!":@O>;);+q
                                                                                                                                                                              jB@


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                              13192.168.2.44975950.87.253.1104433412C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:52:39 UTC762OUTGET /wp-content/themes/shield-apps2/style.css?ver=1.0.1 HTTP/1.1
                                                                                                                                                                              Host: shieldapps.com
                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                              Accept: text/css,*/*;q=0.1
                                                                                                                                                                              Sec-Fetch-Site: same-origin
                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                              Sec-Fetch-Dest: style
                                                                                                                                                                              Referer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                              2024-10-30 16:52:39 UTC346INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:52:39 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Upgrade: h2,h2c
                                                                                                                                                                              Connection: Upgrade
                                                                                                                                                                              Last-Modified: Mon, 13 Jun 2022 17:26:29 GMT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              Content-Length: 134459
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                                                                                                                                                                              X-Endurance-Cache-Level: 0
                                                                                                                                                                              X-nginx-cache: WordPress
                                                                                                                                                                              Content-Type: text/css
                                                                                                                                                                              2024-10-30 16:52:39 UTC7846INData Raw: 2f 2a 0a 54 68 65 6d 65 20 4e 61 6d 65 3a 20 53 68 69 65 6c 64 41 70 70 73 0a 54 68 65 6d 65 20 55 52 49 3a 20 68 74 74 70 3a 2f 2f 75 6e 64 65 72 73 63 6f 72 65 73 2e 6d 65 2f 0a 41 75 74 68 6f 72 3a 20 50 6f 70 41 72 74 20 53 74 75 64 69 6f 0a 41 75 74 68 6f 72 20 55 52 49 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 70 6f 70 77 65 62 64 65 73 69 67 6e 2e 6e 65 74 2f 0a 44 65 73 63 72 69 70 74 69 6f 6e 3a 20 41 20 63 75 73 74 6f 6d 20 57 6f 72 64 50 72 65 73 73 20 74 68 65 6d 65 20 6d 61 64 65 20 66 72 6f 6d 20 55 6e 64 65 72 73 63 6f 72 65 73 20 66 72 61 6d 65 77 6f 72 6b 2e 0a 56 65 72 73 69 6f 6e 3a 20 31 2e 30 2e 30 0a 4c 69 63 65 6e 73 65 3a 20 47 4e 55 20 47 65 6e 65 72 61 6c 20 50 75 62 6c 69 63 20 4c 69 63 65 6e 73 65 20 76 32 20 6f 72 20 6c 61 74 65
                                                                                                                                                                              Data Ascii: /*Theme Name: ShieldAppsTheme URI: http://underscores.me/Author: PopArt StudioAuthor URI: http://www.popwebdesign.net/Description: A custom WordPress theme made from Underscores framework.Version: 1.0.0License: GNU General Public License v2 or late
                                                                                                                                                                              2024-10-30 16:52:39 UTC8000INData Raw: 35 29 2c 20 69 6e 73 65 74 20 30 20 2d 35 70 78 20 31 32 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 30 2e 30 35 29 3b 0a 09 63 6f 6c 6f 72 3a 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 2e 38 29 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 30 2e 37 35 72 65 6d 3b 0a 09 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 3b 0a 09 70 61 64 64 69 6e 67 3a 20 2e 36 65 6d 20 31 65 6d 20 2e 34 65 6d 3b 0a 09 74 65 78 74 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 30 2e 38 29 3b 0a 7d 0a 0a 62 75 74 74 6f 6e 3a 68 6f 76 65 72 2c 0a 69 6e 70 75 74 5b 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 5d 3a 68 6f 76 65 72 2c 0a 69 6e 70 75 74 5b 74 79 70 65 3d
                                                                                                                                                                              Data Ascii: 5), inset 0 -5px 12px rgba(0, 0, 0, 0.05);color: rgba(0, 0, 0, .8);font-size: 12px;font-size: 0.75rem;line-height: 1;padding: .6em 1em .4em;text-shadow: 0 1px 0 rgba(255, 255, 255, 0.8);}button:hover,input[type="button"]:hover,input[type=
                                                                                                                                                                              2024-10-30 16:52:39 UTC8000INData Raw: 20 2e 70 61 67 65 2d 62 61 6e 6e 65 72 20 2e 63 61 72 6f 75 73 65 6c 2d 62 6f 78 20 70 2c 0a 2e 70 61 67 65 20 2e 70 61 67 65 2d 62 61 6e 6e 65 72 20 2e 63 61 72 6f 75 73 65 6c 2d 62 6f 78 20 70 2c 0a 2e 62 6c 6f 67 20 2e 70 61 67 65 2d 62 61 6e 6e 65 72 20 2e 63 61 72 6f 75 73 65 6c 2d 62 6f 78 20 70 2c 0a 2e 61 72 63 68 69 76 65 20 2e 70 61 67 65 2d 62 61 6e 6e 65 72 20 2e 63 61 72 6f 75 73 65 6c 2d 62 6f 78 20 70 2c 0a 2e 70 6f 73 74 2d 74 79 70 65 2d 61 72 63 68 69 76 65 2d 70 72 6f 64 75 63 74 73 20 2e 70 61 67 65 2d 62 61 6e 6e 65 72 20 2e 63 61 72 6f 75 73 65 6c 2d 62 6f 78 20 70 2c 0a 2e 70 6f 73 74 2d 74 79 70 65 2d 61 72 63 68 69 76 65 2d 62 75 73 69 6e 65 73 73 20 2e 70 61 67 65 2d 62 61 6e 6e 65 72 20 2e 63 61 72 6f 75 73 65 6c 2d 62 6f 78 20
                                                                                                                                                                              Data Ascii: .page-banner .carousel-box p,.page .page-banner .carousel-box p,.blog .page-banner .carousel-box p,.archive .page-banner .carousel-box p,.post-type-archive-products .page-banner .carousel-box p,.post-type-archive-business .page-banner .carousel-box
                                                                                                                                                                              2024-10-30 16:52:39 UTC8000INData Raw: 2d 69 74 65 6d 20 7b 0a 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 75 6e 64 65 72 6c 69 6e 65 3b 0a 7d 0a 0a 2e 6d 61 69 6e 2d 6e 61 76 69 67 61 74 69 6f 6e 20 61 20 7b 0a 09 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 09 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 0a 09 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 75 70 70 65 72 63 61 73 65 3b 0a 09 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 7d 0a 0a 2e 6d 61 69 6e 2d 6e 61 76 69 67 61 74 69 6f 6e 20 75 6c 23 70 72 69 6d 61 72 79 2d 6d 65 6e 75 20 3e 20 6c 69 20 3e 20 75 6c 20 7b 0a 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 20 20 20 20 74 6f 70 3a 20 31 30 30 25 3b 0a 20 20 20 20 7a 2d 69 6e 64 65 78 3a 20 39 39 39 39 39 3b 0a 20
                                                                                                                                                                              Data Ascii: -item { text-decoration: underline;}.main-navigation a {display: block;text-decoration: none;text-transform: uppercase;color: #fff;}.main-navigation ul#primary-menu > li > ul { position: absolute; top: 100%; z-index: 99999;
                                                                                                                                                                              2024-10-30 16:52:39 UTC8000INData Raw: 75 65 20 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 32 62 61 32 65 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 7d 0a 0a 2e 62 6b 67 2d 62 6c 75 65 2d 64 61 72 6b 65 72 20 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 30 35 38 36 66 36 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 7d 0a 0a 2e 62 6b 67 2d 62 6c 75 65 2d 6c 69 67 68 74 65 72 20 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 34 66 62 31 62 66 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 7d 0a 0a 2e 62 6b 67 2d 67 72 61 79 2d 62 6c 75 65 20 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 33 62 34 36 35 63 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 7d 0a 0a 2e 62 6b 67 2d 67 72 65 65 6e 20 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63
                                                                                                                                                                              Data Ascii: ue {background-color: #2ba2ee !important;}.bkg-blue-darker {background-color: #0586f6 !important;}.bkg-blue-lighter {background-color: #4fb1bf !important;}.bkg-gray-blue {background-color: #3b465c !important;}.bkg-green {background-c
                                                                                                                                                                              2024-10-30 16:52:39 UTC8000INData Raw: 64 69 6e 67 2d 70 72 6f 64 75 63 74 73 20 2e 6c 65 61 64 2d 70 72 6f 64 75 63 74 73 2d 72 6f 77 20 2e 73 69 6e 67 6c 65 2d 6c 65 61 64 2d 70 72 6f 64 75 63 74 2e 67 6c 6f 77 2d 62 6c 75 65 3a 62 65 66 6f 72 65 20 7b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 69 6d 61 67 65 73 2f 70 72 6f 64 75 63 74 2d 67 6c 6f 77 2d 62 6c 75 65 2e 70 6e 67 29 3b 0a 7d 0a 0a 2e 6c 65 61 64 69 6e 67 2d 70 72 6f 64 75 63 74 73 20 2e 6c 65 61 64 2d 70 72 6f 64 75 63 74 73 2d 72 6f 77 20 2e 73 69 6e 67 6c 65 2d 6c 65 61 64 2d 70 72 6f 64 75 63 74 2e 67 6c 6f 77 2d 67 72 65 65 6e 3a 62 65 66 6f 72 65 20 7b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 69 6d 61 67 65 73 2f 70 72 6f 64 75 63 74 2d 67 6c 6f
                                                                                                                                                                              Data Ascii: ding-products .lead-products-row .single-lead-product.glow-blue:before { background-image: url(images/product-glow-blue.png);}.leading-products .lead-products-row .single-lead-product.glow-green:before { background-image: url(images/product-glo
                                                                                                                                                                              2024-10-30 16:52:39 UTC8000INData Raw: 20 20 6d 61 72 67 69 6e 3a 20 30 20 2d 31 35 70 78 3b 0a 7d 0a 0a 2e 70 72 6f 64 75 63 74 73 2d 69 6e 66 6f 2d 69 63 6f 6e 73 2d 63 6f 6e 74 61 69 6e 65 72 20 2e 73 69 6e 67 6c 65 2d 70 72 6f 64 75 63 74 2d 69 63 6f 6e 2c 0a 2e 72 65 73 65 6c 6c 65 72 2d 69 6e 66 6f 2d 69 63 6f 6e 73 2d 63 6f 6e 74 61 69 6e 65 72 20 2e 72 65 73 65 6c 6c 65 72 2d 70 72 6f 64 75 63 74 2d 69 63 6f 6e 2c 0a 2e 70 70 61 72 74 6e 65 72 73 2d 69 6e 66 6f 2d 69 63 6f 6e 73 2d 63 6f 6e 74 61 69 6e 65 72 20 2e 70 70 61 72 74 6e 65 72 73 2d 70 72 6f 64 75 63 74 2d 69 63 6f 6e 20 7b 0a 20 20 20 20 77 69 64 74 68 3a 20 32 35 25 3b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 0a 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 35 70 78 3b 0a 20
                                                                                                                                                                              Data Ascii: margin: 0 -15px;}.products-info-icons-container .single-product-icon,.reseller-info-icons-container .reseller-product-icon,.ppartners-info-icons-container .ppartners-product-icon { width: 25%; display: inline-block; margin-left: -5px;
                                                                                                                                                                              2024-10-30 16:52:39 UTC8000INData Raw: 73 63 61 6c 65 28 31 29 3b 0a 09 66 69 6c 74 65 72 3a 20 67 72 61 79 73 63 61 6c 65 28 31 29 3b 0a 7d 0a 0a 2f 2a 70 72 6f 64 75 63 74 2d 6f 76 65 72 76 69 65 77 2a 2f 0a 2e 70 72 6f 64 75 63 74 2d 6f 76 65 72 76 69 65 77 20 7b 0a 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 35 30 70 78 3b 0a 7d 0a 0a 2e 70 72 6f 64 75 63 74 2d 6f 76 65 72 76 69 65 77 20 2e 70 72 6f 64 75 63 74 2d 62 6f 78 2d 77 72 61 70 70 65 72 20 7b 0a 20 20 20 20 66 6c 6f 61 74 3a 20 6c 65 66 74 3b 0a 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 32 30 25 3b 0a 20 20 20 20 77 69 64 74 68 3a 20 36 30 25 3b 0a 7d 0a 0a 2e 70 72 6f 64 75 63 74 2d 6f 76 65 72 76 69 65 77 20 2e 70 72 6f 64 75 63 74 2d 69 6e 66 6f 2d 77 72 61 70 70 65 72 20 7b 0a 20 20 20 20 66 6c 6f 61 74 3a 20 72 69 67
                                                                                                                                                                              Data Ascii: scale(1);filter: grayscale(1);}/*product-overview*/.product-overview {margin-top: 50px;}.product-overview .product-box-wrapper { float: left; margin-left: -20%; width: 60%;}.product-overview .product-info-wrapper { float: rig
                                                                                                                                                                              2024-10-30 16:52:39 UTC8000INData Raw: 27 3b 0a 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 7d 0a 0a 2e 77 6c 61 62 65 6c 2d 66 65 61 74 75 72 65 73 20 2e 77 6c 61 62 65 6c 2d 66 65 61 74 75 72 65 73 2d 6c 69 73 74 20 73 70 61 6e 3a 6e 74 68 2d 6f 66 2d 74 79 70 65 28 31 29 3a 61 66 74 65 72 2c 0a 2e 77 6c 61 62 65 6c 2d 66 65 61 74 75 72 65 73 20 2e 77 6c 61 62 65 6c 2d 66 65 61 74 75 72 65 73 2d 6c 69 73 74 20 73 70 61 6e 3a 6e 74 68 2d 6f 66 2d 74 79 70 65 28 32 29 3a 61 66 74 65 72 2c 0a 2e 77 6c 61 62 65 6c 2d 66 65 61 74 75 72 65 73 20 2e 77 6c 61 62 65 6c 2d 66 65 61 74 75 72 65 73 2d 6c 69 73 74 20 73 70 61 6e 3a 6e 74 68 2d 6f 66 2d 74 79 70 65 28 33 29 3a 61 66 74 65 72 20 7b 0a 09 72 69 67 68 74 3a 20 2d 31 30 70 78 3b 0a 20 20 20 20 2d 77 65 62 6b 69 74
                                                                                                                                                                              Data Ascii: '; position: absolute;}.wlabel-features .wlabel-features-list span:nth-of-type(1):after,.wlabel-features .wlabel-features-list span:nth-of-type(2):after,.wlabel-features .wlabel-features-list span:nth-of-type(3):after {right: -10px; -webkit
                                                                                                                                                                              2024-10-30 16:52:39 UTC8000INData Raw: 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 0a 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 42 69 74 74 65 72 27 2c 20 73 65 72 69 66 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 31 63 39 64 62 33 3b 0a 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 34 30 30 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 20 30 20 35 70 78 3b 0a 7d 0a 0a 2e 64 65 66 61 75 6c 74 2d 74 65 6d 70 2d 63 6f 6e 74 65 6e 74 20 3e 20 64 69 76 20 7b 0a 09 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 31 35 70 78 3b 0a 09 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 20 32 35 70 78 3b 0a 09 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0a 7d 0a 0a 2e 64 65 66 61 75 6c 74 2d 74 65 6d 70 2d 63 6f 6e 74 65 6e 74 20 3e 20 64 69 76 3a 61 66 74 65 72 20 7b 0a 09
                                                                                                                                                                              Data Ascii: font-size: 30px; font-family: 'Bitter', serif; color: #1c9db3; font-weight: 400; margin: 0 0 5px;}.default-temp-content > div {margin-bottom: 15px;padding-bottom: 25px;position: relative;}.default-temp-content > div:after {
                                                                                                                                                                              2024-10-30 16:52:40 UTC810OUTGET /wp-content/uploads/2022/10/box-shield-antivirus1.png HTTP/1.1
                                                                                                                                                                              Host: shieldapps.com
                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                              Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                              Sec-Fetch-Site: same-origin
                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                              Sec-Fetch-Dest: image
                                                                                                                                                                              Referer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                              2024-10-30 16:52:40 UTC8192INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:52:40 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Last-Modified: Thu, 27 Oct 2022 16:36:00 GMT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              Content-Length: 199859
                                                                                                                                                                              host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                                                                                                                                                                              X-Endurance-Cache-Level: 0
                                                                                                                                                                              X-nginx-cache: WordPress
                                                                                                                                                                              Content-Type: image/png
                                                                                                                                                                              PNG
                                                                                                                                                                              IHDR|jh|pHYs.#.#x?viTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c142 79.160924, 2017/07/13-01:06:39 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmp:CreatorTool="Adobe Photoshop CC 2018 (Windows)" xmp:CreateDate="2022-10-04T16:42:11+02:00" xmp:ModifyDate="2022-10-04T17:01:43+02:00" xmp:MetadataDate="2022-10-04T17:01:43+02:00" dc:format="image/png" photoshop:ColorMode="3" photoshop:ICCProfile="sRGB IEC61966-2.1" xmpMM:InstanceID="xmp.iid:b698252f-9371-5548-86b8-af2c6a198927" xmpMM:DocumentID="xmp.did:b698252f-9371-5548-86b8-af2c6a198927" xmpMM:OriginalDocumentID="xmp.did:b698252f-9371 [TRUNCATED]
                                                                                                                                                                              ($$$$$$$$$@PHHHHHHHHHA!!!!!!!!!BBBBBBBBB
                                                                                                                                                                              ($$$$$$$$$@PHHHHHHHHHA!!!!!!!!#)8BBGO'>KDSJe?NfS6%lX6E)M!C4:(VW[C]e4}]9UYd.\?T
                                                                                                                                                                              6(K%$$$@PHH_4Nj#A]mMMMjcee%@?i2Lp40*Q-U/BT)>NbD`L,~gLHHHHA_8i6mlN-//oSZZ.))Mo0{C[(DFFBB7bg6dUf\d*In^If*\ X6 1^uMq
                                                                                                                                                                              b0hzcH*,,WSS
                                                                                                                                                                              jELtBCa[eek;gr`8iTZ4F%;*"]SC<DHl@YZ^HHHHq~zJ8yJmm6WVV:>b/*"QjQ,mKO#i`]&ur(E;v^-*!!!BBBbe$:+>)##%#{"dY0QkjElt#`k59Y@O2K$LN(CrIY$E,'$$$$@PHH_<k6Oo~\%#,}nI#2<|zT*^;rbo.`sO"D:T+55$kr'@vEdWA!!Pu'"rZVVV{"--GIFQ1dQds6deZaQBP}AI|}{J)MXj.N}.;\X!!@G\A!G*v#4v{]<z.j"E#4*fYXZ{Jv*VA/b:_5dq?z[LR\b>hXHA!\$ujSoDG%q$zQ.aGF<i(-SUZkWwE;17rsGlMHh2EC($$$@PHH_Z>ML&;vb***/q/~
                                                                                                                                                                              !'/.;ljy)*U ;5wr-
                                                                                                                                                                              jTZ~~AAA;wr/zq8=(75:"rY.}{Q\]$6;40xNz;LTJA],/Ht[K](
                                                                                                                                                                              2;IRZ>MWVUU}vm/?rN,!pYBjawN)<pV._Fi,MAO4);9
                                                                                                                                                                              JQ6Pk"tQ.CwXrX.BBFt^ H=G<hHZ!$(y\*sar05fk<
                                                                                                                                                                              <Y(~k\B(Y.;+$$@PHDTyL)v
                                                                                                                                                                              ys=YBCCf9t4}'@Z;2wvY(;:2VA!cN1ZI+))F?rR%_z6UNF+#eUd\XUZh]a"VPqQ)D`vGnXrqjr~6m_=*b0iDU5H<l3+._64ZNn"
                                                                                                                                                                              KkeS%vG]Gwk@QJGH~:fz]6l~XnYgB{q4b8v=.#@;srE#&70vh`v.G]i~k^kZ^
                                                                                                                                                                              527]LHN!!5FS=-0!(
                                                                                                                                                                              N.|hyGuTNq(*5Xh8E0MEh!!BB'0uoX[Z}RoEV~nrvB+MAoEl2ltZ[++St7YJCV*Q:&*e]pXLh*:;Z<:VjNqqY]r}rSy%b6W#wrvKa8;>6-C
                                                                                                                                                                              [`l@eFvdVa>BUq,QBr(h]]]HVG0%Rtw ($VwJVg%`(sQE9
                                                                                                                                                                              8b^~-
                                                                                                                                                                              ~}q+K:[bLN8fAfr*-'uJ~'`4Rd]TlvQ`,cG;z.p$wt)
                                                                                                                                                                              :
                                                                                                                                                                              1Sp_M%?aERU\zhj
                                                                                                                                                                              IF?r:`-a3-DZ'PFOv*&<94*G,Q*4J<[2
                                                                                                                                                                              ]S<z7l%3\Y^/WA!!3);m:A(4sQZI,j9Y+Z@nsAawl!Mor]{jOeQTdeT\-rj5pM]X]SY-ZdVP#zNhZ-:]`Z$ZYll*qG%?+RO%,IQzniIwnB!~7,_4\iUQt`dI\/Pt$
                                                                                                                                                                              :qeRcu(V?kxt0[NF 0QVvA<I>niIklR1[pK_da:lJw.Vq(]a!a'wo)YlUuc8_.`MEoO[.%[gK{,<QM-PkPk2VCrKpM2:d}$+$}sl
                                                                                                                                                                              :((h=OQ-sS~o\^9S3|[)I
                                                                                                                                                                              vK-vTy6TC<!SZ^R:nuh7Ow(j<qh

                                                                                                                                                                              (%O4SW_Dr'y7I#|m4<ni--e6-vK,J"[ZK"twT*J~Ow"eJW^ ($$z \vJ^)sW/;
                                                                                                                                                                              kQQk2;uq--qMuv!,b5R9nwt52f }c.5*blxMR'kxF)`zCni/[ )V2U!uF-W2EP+[,CHhh;{:5^`Y+@PHH@`3X?XJJA]R
                                                                                                                                                                              :&yFk2X4eK+LIpxp]^GtntQras`,i.N(BGFzDh28-
                                                                                                                                                                              ^vG(vQP+h/,{G]dutv8.$V~7pR>evN8[ u43-^mEKZ[a(tq..(oWwlD[]@ ($tGB#_ls~.*,.'Iu:p$m(ZyZ@xxqK\IKEgT{]qx{CpKE&XjHqz~M
                                                                                                                                                                              Vms]gjAV2?jb@1is6ZiMxUS_2X@xfK,i\SgVix:-rL+"[ZalL>5u_te(Z-|&LPaRi`)ZdY8_RI:vRy`V!w4_^-Mx{%sK(-BGG,[YP+<G0.NY*d8jNAd? BkADIl"
                                                                                                                                                                              -&'{{hUn(fP)b\jlAhvF{Jz1@R E!Q
                                                                                                                                                                              J?e ]W"+V?^{t>"2;hl:$9U$h/1"5eP`R\NEeBKfvzU'VB1 <?[|--](BqGUWWa]i#e&2a0v3H&AE_*]Uq;Wjq"d]IH||"H6vV1d@x?2~sK{@ATJPliaa ($_9yOAgM=zZ>Ah z5lb P9(MPUT6h $GDLF*$+kh<li'-4
                                                                                                                                                                              ($cF16WA2W*v8+~-a`rT*#,y(Y?Yi[tFp:\c^2M$S%b?-CGs1H*RJ6.&H]Aws5J9eR^E <&X-/DFD-wej!w
                                                                                                                                                                              ;'^Ig ytF0#4UmAI,<9ngn0m:;z<Lkp -0-|g\jNVp#!0aaWSlTy\v}bQBiErr~G]AAQx EBBZX]vnlX4`{N?K6\inr._w<,MXrb`hz5x__c-TB9 [)9;Qw|pr0hxp#nCIy1s2p77Dye*PkK={6|Zm6~u=$RYhNHP+kcL%A`4azE'N%PZ+`xiSqp3U#<4#/}]8kY.GPV]1'1X\9_bW;cq%`':zOfw><*n:8t:<>F6|JO>]sk_alC`v;Q/DH5I&FF?(_2x!r8g_g}?
                                                                                                                                                                              2024-10-30 16:52:40 UTC813OUTGET /wp-content/uploads/2016/03/box-ransomware-defender1.png HTTP/1.1
                                                                                                                                                                              Host: shieldapps.com
                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                              Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                              Sec-Fetch-Site: same-origin
                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                              Sec-Fetch-Dest: image
                                                                                                                                                                              Referer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                              2024-10-30 16:52:41 UTC8192INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:52:40 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Last-Modified: Tue, 23 Feb 2021 06:33:35 GMT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              Content-Length: 233034
                                                                                                                                                                              host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                                                                                                                                                                              X-Endurance-Cache-Level: 0
                                                                                                                                                                              X-nginx-cache: WordPress
                                                                                                                                                                              Content-Type: image/png
                                                                                                                                                                              PNG
                                                                                                                                                                              IHDR|jh|pHYs.#.#x?v
                                                                                                                                                                              OiCCPPhotoshop ICC profilexSgTS=BKKoR RB&*!J!QEEQ,
                                                                                                                                                                              !{k>H3Q5B.@
                                                                                                                                                                              $pd!s#~<<+"xM0B\t8K@zB@F&S`cbP-`'{[! eDh;VEX0fK9-0IWfH0Q){`##xFW<+*x<$9E[-qWW.(I+6aa@.y24x6_-"bbp@t~,/;m%h^uf@Wp~<<EJB[aW}g_Wl~<$2]GLbG"IbX*QqD2"B)%d,>5j>{-]cK'Xto(hw?G%fIq^D$.T?D*A,`6B$BB
                                                                                                                                                                              dr`)B(*`/@4Qhp.U=pa(Aa!bX#!H$ Q"K5H1RT UH=r9\F;2G1Q=C7Fdt1r=6h>C03l0.B8,c"VcwE6wB aAHXLXNH $47Q'"K&b21XH,#/{C7$C2'ITFnR#,4H#dk9, +3![
                                                                                                                                                                              b@qS(RjJ4e2AURT5ZBRQ4u9IKhhitNWGwg(gwLT071oUX**|
                                                                                                                                                                              J&*/TUUT^S}FU3SUPSSg;goT?~YYLOCQ_ cx,!ku5&|v*=9C3J3WRf?qtN(~))4L1e\kXHQG6EYAJ'\'GgSS
                                                                                                                                                                              M=:.kDwn^Loy}/TmGX$<5qo</QC]@Caa<FFi\$mm&&!&KMMRM);L;L5=12`ZxZ,eIZYnZ9YXUZ]F%NNgm}agbg}}=Z~sr:V:?}/gX3)iSGggsK.>.Jtq]z6i4)Y3sCQ?0k~OCOg#/c/Wwa>>r><72Y_7Oo_C#dz%gA[z|!?:eAAA!h!iP~aa~'W?pX15wCsDDDg1O9-J5*>.j<74?.fYXXIlK9.*6nl{/]py.,:@LN8A*%w%
                                                                                                                                                                              yg"/6C\*NH*Mz5y$3,'LL:v m2=:1qB!Mggfven/kY-
                                                                                                                                                                              BTZ(*geWf9+7KW-Xj9<qy
                                                                                                                                                                              +V<*mOW~&zMk^kU
                                                                                                                                                                              }]OX/Ya>(xodff-[nVE/(C<e;?TTTT6an{4[>UUMfeI?m]Nmq#=TR+Gw-6U#pDy:v{vg/jBFS[b[O>zG4<YyJTig}~.`{cjotE;;\tWW:_mt<O\kz{f7y9=zo~r'w'O_@AC?[jwGC8>99?rCd&/~m|x31^VwwO| (hSc3- cHRMz%u0`:o_FuIDATxw$uU0yfs,,9,$PNdk%peK%@3KZ2lavwvf'U{M,P3s#DEQDEQD%QDEQDEFEQDEQD`QDEQDEFEQDEQD`QDEQDEFEQDEQD`QDEQDEFEQDEQD`QDEQDEFEQDEQD`QDEQDEFEQDEQD`QDEQDEFEQDEQD`QDEQDE3hD{B hPE1U1L|>|,CSU#E(r6{_:~w;{zw+Cv!^)e;~{PH [TRUNCATED]
                                                                                                                                                                              cg;![!o/<lI!_G_("(&EQ:XfY1mJ3FGGg$fhh!RexUMMeNg
                                                                                                                                                                              ))%t ~}8"(""(0ESe('!N'g2^z{{`ddL&C*"(
                                                                                                                                                                              xPFc+do[;<3gD(E('A"4baKlAAA .$]XL?ViGEFEBL48!)Ti]]]Qri"]innMGg7/-;vt&B<TUTUEHw4,]NWbVhd!,v0QH<T!$
                                                                                                                                                                              I6J3EQD EQ/(]`EtE?lBjahllX,(;yvvn`4Q4UQHH@@e]Ozj|pMJw,<FBQhCsQt%W {XHGPJG#^EQD EQy^.]&Z[[ioog``l6(iZgJMM--cI7y:wJ@SUUU!(opDA8H75!D[}Ca}J'iRiujD0B^:pe1M"(""(3M4BEQnd2;kgtt)%5~m3inj&LJg3bV*hF,Cv+zMhR]@<t<>J5->eRP&JTMeNYXC ;tQ.\FEFE5l{m;vl6[Tp?#NsS#(N_ 7`h*%*dDAJ%\7M;?%+> Rb7Yd4d(dO W_OF!DB2mcr@pg]`~Pp]Yq",_+J*;Ek (9EJ/$`$+-tWudo7$|e3d:Ir*Mc,nc\YaYmUsD EQT(iMi^pl/`P_OSS5Ln^[;v\>+c'<`!/@&sl?,< [TRUNCATED]
                                                                                                                                                                              [x+@D)<J?V\> $jD[(<,}(E1=-}F)IMoLfp85(l""!EYLsMy3]]]X\CJI2DF6]Z/,BQ3oXpJdn#kWz+I&JFzjlD\PJ_GTFL5G#XqvY1KV$rP8f8iz sa1}c"( CTU6l_Okk+tX(K#c$eNv!;EMSQ-k,%eRiG g/)T*Md+WzEzy)Dd)+3[(EP%q QTp2qafq ,]gD>iyy6Ye~F &I>r@IF zv Q&DEQDEy(rimC6lMEJ'}NVZ?8wkw!#o?M/yl6'{eDV2tyA]SoPEY{>op6K()Wl!"P3XzUJ={S)R I
                                                                                                                                                                              H
                                                                                                                                                                              d3v4b:Z2neGG(@0(ziNRWo9f2O0t[~XE i
                                                                                                                                                                              w`q`]q;:\]*rtQ2NO,&P}%q.Be"8QZ[(}TT|658/tp`[ /d(\l$f!:&9v9`v`[XPQXj"(""w\4!{{{Oa8#30dndnZN!G)TMUs8gWys:oj fdiBv4;L-;;XW@-W*6(?@o,A!*iB(^GS(L'=wS&=)0(,_ViQJ9(gKD3`,8@dEQD'mX[[Wi&QUC7cbqPN}s+{u+2,N,nxS7`%`WbB',I p=%w>0^(
                                                                                                                                                                              G}E2d-QzRL9Yw7u.wY~,C1QQx3!ekKv6mBH|Bpr5eRQ( k2C(nho:zhJ'"B.eo&;v hjjDuvEe:)_M%fSw/{1XP\;"X5!lgHAa,(w6U&O8#lj4 Dx+A]L2
                                                                                                                                                                              p-Qw^5CT`IToF<)Moe)|sx{?thE`W0CU_e9ggrptN>!Q::"q
                                                                                                                                                                              02Np5^{{"d2I2$Nw042
                                                                                                                                                                              RkjFpSfPS#^6e2>iGQJ!="(q,INhc#BxJRoUtZ;LJ<]z9zkh|5|rUOr9">2p\icKQ<Cx-t#H1dPqB:wtQD Ea<^{(B!34bEwL4]04Ss-SsBI#>}P@}U
                                                                                                                                                                              E[-bi&]-,6 x]MJ#2
                                                                                                                                                                              &
                                                                                                                                                                              Qn/@\aw%sXz N)p*e\(*VD5YByPP|E59|P"96tbA.
                                                                                                                                                                              8MG2u]\.w5o:{a,BQTM%`R(cS.H@TlIIt"t#3Mb6gL#c-0-4-v ]Za68M
                                                                                                                                                                              nUP*LZ|Vz?Rr]FOG]a@H`z`xUzJ=0qDCJ9eTR26*(VA`l4H=S]\PO;z'Mw"(80B|i-+}M7@ ]RXR)
                                                                                                                                                                              _Xc39Bpz^zGpiO
                                                                                                                                                                              2024-10-30 16:52:41 UTC799OUTGET /wp-content/uploads/2019/08/color-line.png HTTP/1.1
                                                                                                                                                                              Host: shieldapps.com
                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                              Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                              Sec-Fetch-Site: same-origin
                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                              Sec-Fetch-Dest: image
                                                                                                                                                                              Referer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                              2024-10-30 16:52:41 UTC6704INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:52:41 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Last-Modified: Fri, 16 Aug 2019 08:10:58 GMT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              Content-Length: 6420
                                                                                                                                                                              host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                                                                                                                                                                              X-Endurance-Cache-Level: 0
                                                                                                                                                                              X-nginx-cache: WordPress
                                                                                                                                                                              Content-Type: image/png
                                                                                                                                                                              PNG
                                                                                                                                                                              IHDRpHYs.#.#x?v
                                                                                                                                                                              OiCCPPhotoshop ICC profilexSgTS=BKKoR RB&*!J!QEEQ,
                                                                                                                                                                              !{k>H3Q5B.@
                                                                                                                                                                              $pd!s#~<<+"xM0B\t8K@zB@F&S`cbP-`'{[! eDh;VEX0fK9-0IWfH0Q){`##xFW<+*x<$9E[-qWW.(I+6aa@.y24x6_-"bbp@t~,/;m%h^uf@Wp~<<EJB[aW}g_Wl~<$2]GLbG"IbX*QqD2"B)%d,>5j>{-]cK'Xto(hw?G%fIq^D$.T?D*A,`6B$BB
                                                                                                                                                                              dr`)B(*`/@4Qhp.U=pa(Aa!bX#!H$ Q"K5H1RT UH=r9\F;2G1Q=C7Fdt1r=6h>C03l0.B8,c"VcwE6wB aAHXLXNH $47Q'"K&b21XH,#/{C7$C2'ITFnR#,4H#dk9, +3![
                                                                                                                                                                              b@qS(RjJ4e2AURT5ZBRQ4u9IKhhitNWGwg(gwLT071oUX**|
                                                                                                                                                                              J&*/TUUT^S}FU3SUPSSg;goT?~YYLOCQ_ cx,!ku5&|v*=9C3J3WRf?qtN(~))4L1e\kXHQG6EYAJ'\'GgSS
                                                                                                                                                                              M=:.kDwn^Loy}/TmGX$<5qo</QC]@Caa<FFi\$mm&&!&KMMRM);L;L5=12`ZxZ,eIZYnZ9YXUZ]F%NNgm}agbg}}=Z~sr:V:?}/gX3)iSGggsK.>.Jtq]z6i4)Y3sCQ?0k~OCOg#/c/Wwa>>r><72Y_7Oo_C#dz%gA[z|!?:eAAA!h!iP~aa~'W?pX15wCsDDDg1O9-J5*>.j<74?.fYXXIlK9.*6nl{/]py.,:@LN8A*%w%
                                                                                                                                                                              yg"/6C\*NH*Mz5y$3,'LL:v m2=:1qB!Mggfven/kY-
                                                                                                                                                                              BTZ(*geWf9+7KW-Xj9<qy
                                                                                                                                                                              +V<*mOW~&zMk^kU
                                                                                                                                                                              }]OX/Ya>(xodff-[nVE/(C<e;?TTTT6an{4[>UUMfeI?m]Nmq#=TR+Gw-6U#pDy:v{vg/jBFS[b[O>zG4<YyJTig}~.`{cjotE;;\tWW:_mt<O\kz{f7y9=zo~r'w'O_@AC?[jwGC8>99?rCd&/~m|x31^VwwO| (hSc3- cHRMz%u0`:o_F?IDATxMIR#?$Hb;`+86h/nZVfRueEF{J>Lj7 E|o 9}xVo?z;G@'pr?8L(7Y xAdR)8`_
                                                                                                                                                                              6m5]\4}G9S#.s;ve?#@/$v~u}|rj`F_`:'Lr.+y=Kug2+Z2Whv43W][A:Ek7?7L
                                                                                                                                                                              v'o|)B9~-%NI>9qxGC.E3@^/#`"/N!W /\eL!~|Q,hxz9HA-#M/9_uu7@u_b9`Zflw{x%O~~~]p_/|NO'T%y8;6}@~wX.K\grgQ>6o+@3Y;_/=sB!C+`x_~wO2By[Y/A wT><,e?%}}CW"X kL6cUv}$n9l7<L;=_+gg22O?"zw4[yr]S?9swy[Cys-Lr2A}5xM<X&'gg;|E|?k'=1a796,z[gWmuJOr&{IYLt_Ww7cg*;yz~.9CxMsfMv~{/!J&>?nH<%7usWz>b>7y)I2|;t]
                                                                                                                                                                              c\~3>+k:_s)dR3
                                                                                                                                                                              y;]&REPU0^7Ap[>S|81)DIPK_jH4s+'Vd;p<5A=L\` q@$c5=kEposTU="1@gAN5Dq@@q<t"&Ie\)QAq`k"NG8jKn'BPw4h~D{]p!(&V(:y]+z"`:5Lo'9HP {"W.nJf{f|\l'
                                                                                                                                                                              s[Iv1 LO}8oV0DFA!wgc|HHF}C\X\q@o::^Dt0Djb#L:^bQgE5v%fzvdve[IKb]t8gtN.,+E;Pa4$(u4ZVsbiB9Ffk86DcUqOmiPsvFWnN_((n3us);7\A.v%Pz1dAPyWuAq`g}?O9NCY>U<\VE/bl^"ZggK%+\`>blNkmYL&,d4Q:lde&EkCm'i@buTiu:!@ZlNcNh<\_5A.nu^|Jk/fTQP,5uj.M,O#dBQqpR1&72!jGH+Vh!X"(?>d9m"@kT0P5MH!);CZY}+]SP9E)`,e<>i8D{@mO*C}-ASCo|o<L19.
                                                                                                                                                                              1:&1sbZ&J4]]dgvNMF)(zC\8m\=(idvhvPVTWY4beB%{&^+s*jI5>JO&y$;[E]"09l^T"-(r$f{bYPb-Oj`h{<8aS+4rS&[4IEoBqE (jEP\cg5O REmerhsJIOZlL<'blq3T(U1#hnc;6t1vLSE\AFF*EG
                                                                                                                                                                              NS`#=D4`
                                                                                                                                                                              ;fZF4Pme7=2WaH'2wCMCIHi:Q>JF%>2p?T3 (
                                                                                                                                                                              \;4yhVNKHh.U8r?j!vz(3@66c"mP!
                                                                                                                                                                              P5adyl(lvtz2DVJsGXu)M&seARMiNK\iT-YU%kRf=)U8h'Lb/6fmeVrybO{!*8>'xar1lHT4F@KZA35eU
                                                                                                                                                                              q.:YzVUn.j nA"\vlcf_])Z[nh1DI"GAZ+"24M<)YQ7W":`}|zW;LQBgrsm+(JGF&=nvPIR@'/i^Pj:+)F\Pmc4&ryl6PfsAPTL,v(i4OukL_+1n@m.^:&Q9odSA4Q.z"(Ec*<A{Rv1"{2nX;}*EpGvW"c+B$~NAI'J?ZlQAIENDB`


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                              14192.168.2.44975850.87.253.1104433412C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:52:39 UTC774OUTGET /wp-content/themes/shield-apps2/css/bootstrap.min.css?ver=6.6.2 HTTP/1.1
                                                                                                                                                                              Host: shieldapps.com
                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                              Accept: text/css,*/*;q=0.1
                                                                                                                                                                              Sec-Fetch-Site: same-origin
                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                              Sec-Fetch-Dest: style
                                                                                                                                                                              Referer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                              2024-10-30 16:52:39 UTC345INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:52:39 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Upgrade: h2,h2c
                                                                                                                                                                              Connection: Upgrade
                                                                                                                                                                              Last-Modified: Thu, 15 Aug 2019 07:49:20 GMT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              Content-Length: 17540
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                                                                                                                                                                              X-Endurance-Cache-Level: 0
                                                                                                                                                                              X-nginx-cache: WordPress
                                                                                                                                                                              Content-Type: text/css
                                                                                                                                                                              2024-10-30 16:52:39 UTC7847INData Raw: 2f 2a 21 0a 20 2a 20 42 6f 6f 74 73 74 72 61 70 20 76 33 2e 33 2e 35 20 28 68 74 74 70 3a 2f 2f 67 65 74 62 6f 6f 74 73 74 72 61 70 2e 63 6f 6d 29 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 31 36 20 54 77 69 74 74 65 72 2c 20 49 6e 63 2e 0a 20 2a 20 4c 69 63 65 6e 73 65 64 20 75 6e 64 65 72 20 4d 49 54 20 28 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 74 77 62 73 2f 62 6f 6f 74 73 74 72 61 70 2f 62 6c 6f 62 2f 6d 61 73 74 65 72 2f 4c 49 43 45 4e 53 45 29 0a 20 2a 2f 0a 0a 2f 2a 21 0a 20 2a 20 47 65 6e 65 72 61 74 65 64 20 75 73 69 6e 67 20 74 68 65 20 42 6f 6f 74 73 74 72 61 70 20 43 75 73 74 6f 6d 69 7a 65 72 20 28 68 74 74 70 3a 2f 2f 67 65 74 62 6f 6f 74 73 74 72 61 70 2e 63 6f 6d 2f 63 75 73 74 6f 6d 69 7a 65 2f 3f 69
                                                                                                                                                                              Data Ascii: /*! * Bootstrap v3.3.5 (http://getbootstrap.com) * Copyright 2011-2016 Twitter, Inc. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) *//*! * Generated using the Bootstrap Customizer (http://getbootstrap.com/customize/?i
                                                                                                                                                                              2024-10-30 16:52:39 UTC8000INData Raw: 75 73 68 2d 38 7b 6c 65 66 74 3a 36 36 2e 36 36 36 36 36 36 36 37 25 7d 2e 63 6f 6c 2d 73 6d 2d 70 75 73 68 2d 37 7b 6c 65 66 74 3a 35 38 2e 33 33 33 33 33 33 33 33 25 7d 2e 63 6f 6c 2d 73 6d 2d 70 75 73 68 2d 36 7b 6c 65 66 74 3a 35 30 25 7d 2e 63 6f 6c 2d 73 6d 2d 70 75 73 68 2d 35 7b 6c 65 66 74 3a 34 31 2e 36 36 36 36 36 36 36 37 25 7d 2e 63 6f 6c 2d 73 6d 2d 70 75 73 68 2d 34 7b 6c 65 66 74 3a 33 33 2e 33 33 33 33 33 33 33 33 25 7d 2e 63 6f 6c 2d 73 6d 2d 70 75 73 68 2d 33 7b 6c 65 66 74 3a 32 35 25 7d 2e 63 6f 6c 2d 73 6d 2d 70 75 73 68 2d 32 7b 6c 65 66 74 3a 31 36 2e 36 36 36 36 36 36 36 37 25 7d 2e 63 6f 6c 2d 73 6d 2d 70 75 73 68 2d 31 7b 6c 65 66 74 3a 38 2e 33 33 33 33 33 33 33 33 25 7d 2e 63 6f 6c 2d 73 6d 2d 70 75 73 68 2d 30 7b 6c 65 66 74
                                                                                                                                                                              Data Ascii: ush-8{left:66.66666667%}.col-sm-push-7{left:58.33333333%}.col-sm-push-6{left:50%}.col-sm-push-5{left:41.66666667%}.col-sm-push-4{left:33.33333333%}.col-sm-push-3{left:25%}.col-sm-push-2{left:16.66666667%}.col-sm-push-1{left:8.33333333%}.col-sm-push-0{left
                                                                                                                                                                              2024-10-30 16:52:39 UTC1693INData Raw: 6e 2d 6c 65 66 74 3a 2d 33 30 25 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 30 3b 6c 69 73 74 2d 73 74 79 6c 65 3a 6e 6f 6e 65 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 63 61 72 6f 75 73 65 6c 2d 69 6e 64 69 63 61 74 6f 72 73 20 6c 69 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 77 69 64 74 68 3a 31 30 70 78 3b 68 65 69 67 68 74 3a 31 30 70 78 3b 6d 61 72 67 69 6e 3a 31 70 78 3b 74 65 78 74 2d 69 6e 64 65 6e 74 3a 2d 39 39 39 70 78 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 66 66 66 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 31 30 70 78 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 20 5c 39 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f
                                                                                                                                                                              Data Ascii: n-left:-30%;padding-left:0;list-style:none;text-align:center}.carousel-indicators li{display:inline-block;width:10px;height:10px;margin:1px;text-indent:-999px;border:1px solid #fff;border-radius:10px;cursor:pointer;background-color:#000 \9;background-colo
                                                                                                                                                                              2024-10-30 16:52:40 UTC763OUTGET /wp-content/themes/shield-apps2/js/ScrollToPlugin.min.js?ver=6.6.2 HTTP/1.1
                                                                                                                                                                              Host: shieldapps.com
                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                              Accept: */*
                                                                                                                                                                              Sec-Fetch-Site: same-origin
                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                              Sec-Fetch-Dest: script
                                                                                                                                                                              Referer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                              2024-10-30 16:52:40 UTC1479INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:52:40 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Last-Modified: Thu, 15 Aug 2019 07:49:20 GMT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Content-Encoding: gzip
                                                                                                                                                                              host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                                                                                                                                                                              X-Endurance-Cache-Level: 0
                                                                                                                                                                              X-nginx-cache: WordPress
                                                                                                                                                                              Content-Length: 1135
                                                                                                                                                                              Content-Type: application/javascript
                                                                                                                                                                              Rn6}/@Ri
                                                                                                                                                                              7Hd7i#Zm&(Tlw(6s:>>|) SNN{'g_?]k8<hfLOIIw>f"G
                                                                                                                                                                              O~Y|~?OteHq;OyR!u9~AF"3p5TayT
                                                                                                                                                                              MrY9@s>sq,Y9,)Z3C,L-{VT12+?~;cB~HdiP)Ar2-3e!i&,-60^<~)B%oKpR2UPQ"1A64Ii'D6OY31+"i(j'R3wnpN(eK$8{abcV}Mr$zq24fD?"6VkH@N&Z/k?fUdq<n>_;xZSrA,raVXGvwj6j+o5Vn:r0YMU'YF;vN]xIv;BSB4/-"AVIGKbLQr(V6;'m-0F(jlL(hdKRyT*GjTT{TJd7A@+IX9z&ZHkpIpp`wTvh}<puQ+B{D/0[Z{Xo+0yy"m^+
                                                                                                                                                                              Y3_ha({
                                                                                                                                                                              V(zl
                                                                                                                                                                              &{9k>jRHBI#MU"s;T9Yl&p`L9mhp -;$ekc)w6oV~tM9]\$atMdMucX>9v/%/qYQ|
                                                                                                                                                                              2024-10-30 16:52:40 UTC751OUTGET /wp-content/themes/shield-apps2/js/design.js?ver=6.6.2 HTTP/1.1
                                                                                                                                                                              Host: shieldapps.com
                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                              Accept: */*
                                                                                                                                                                              Sec-Fetch-Site: same-origin
                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                              Sec-Fetch-Dest: script
                                                                                                                                                                              Referer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                              2024-10-30 16:52:41 UTC2117INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:52:40 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Last-Modified: Fri, 16 Aug 2019 09:10:30 GMT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Content-Encoding: gzip
                                                                                                                                                                              host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                                                                                                                                                                              X-Endurance-Cache-Level: 0
                                                                                                                                                                              X-nginx-cache: WordPress
                                                                                                                                                                              Content-Length: 1773
                                                                                                                                                                              Content-Type: application/javascript
                                                                                                                                                                              Ro8[Q%;Y:uvEsHhilqKIYoHb/G$5|3R+I/",D( 2MjG,Knn:`srQ
                                                                                                                                                                              {Z+9fo7@@r-7^]Z*T9 o?)Fi
                                                                                                                                                                              [NSi{e ,(\2:jF~`Xaf>U]FWG>7&.-TCqVw+=$V'YNW8sVZ.n2Lf`NnU2qJ{Q[q=we'1;`hrsy|E~kryRY:l}A36Ga,{#14Sc1v(O[lsxM?gO0\!\9gnV
                                                                                                                                                                              q"+`2I2Km_,&JZE+*@75&L6_3>5
                                                                                                                                                                              xv/5IzW{o~7 K&L#,~]bS%Bf=&pv;kRpFJr|#x^!9;CNc;'dJ(Xm[iR.ViV))AiRLiH,`ee) asvNmA[2 q)R=9b@>JZ_PIA7 KGIkwp}t6:NkJ()EdL.g3<,j4IrM^A'`ba?|YFCXg&$O.bM3(VmjnsX-7y|UjKx"{U:M0"RCcv={t3w`:`sr4=UOD__ZhESzBLMZX/t;iNm MtO#x
                                                                                                                                                                              I(O4@LM2S?x"N
                                                                                                                                                                              &4D724JAZdFtXr\/x')zkte#$"\4d5M8H2YY4eSfr5DGvmzw:7/pr\j>(=I^W
                                                                                                                                                                              2D\$
                                                                                                                                                                              Rg:aDbsn'UezzAk3[=$omsO"D'v1^=aS8pv#&dGIahfm%V+FUEM9`K-Mlwzo+^UW0DzI 95NmG4vTgzx3/5s2Dp[X]B(srU)k0UA/>Z{l;D|GV&[Cdnl+O`>wn""\*KC"e5_AnQrZeeSUi@K[lvG_xs(_;\vB<y=3.Tur
                                                                                                                                                                              2024-10-30 16:52:41 UTC813OUTGET /wp-content/uploads/2016/03/box-pc-cleaning-utility1.png HTTP/1.1
                                                                                                                                                                              Host: shieldapps.com
                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                              Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                              Sec-Fetch-Site: same-origin
                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                              Sec-Fetch-Dest: image
                                                                                                                                                                              Referer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                              2024-10-30 16:52:41 UTC8192INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:52:41 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Last-Modified: Tue, 23 Feb 2021 06:39:16 GMT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              Content-Length: 201990
                                                                                                                                                                              host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                                                                                                                                                                              X-Endurance-Cache-Level: 0
                                                                                                                                                                              X-nginx-cache: WordPress
                                                                                                                                                                              Content-Type: image/png
                                                                                                                                                                              PNG
                                                                                                                                                                              IHDR|jh|pHYs.#.#x?v
                                                                                                                                                                              OiCCPPhotoshop ICC profilexSgTS=BKKoR RB&*!J!QEEQ,
                                                                                                                                                                              !{k>H3Q5B.@
                                                                                                                                                                              $pd!s#~<<+"xM0B\t8K@zB@F&S`cbP-`'{[! eDh;VEX0fK9-0IWfH0Q){`##xFW<+*x<$9E[-qWW.(I+6aa@.y24x6_-"bbp@t~,/;m%h^uf@Wp~<<EJB[aW}g_Wl~<$2]GLbG"IbX*QqD2"B)%d,>5j>{-]cK'Xto(hw?G%fIq^D$.T?D*A,`6B$BB
                                                                                                                                                                              dr`)B(*`/@4Qhp.U=pa(Aa!bX#!H$ Q"K5H1RT UH=r9\F;2G1Q=C7Fdt1r=6h>C03l0.B8,c"VcwE6wB aAHXLXNH $47Q'"K&b21XH,#/{C7$C2'ITFnR#,4H#dk9, +3![
                                                                                                                                                                              b@qS(RjJ4e2AURT5ZBRQ4u9IKhhitNWGwg(gwLT071oUX**|
                                                                                                                                                                              J&*/TUUT^S}FU3SUPSSg;goT?~YYLOCQ_ cx,!ku5&|v*=9C3J3WRf?qtN(~))4L1e\kXHQG6EYAJ'\'GgSS
                                                                                                                                                                              M=:.kDwn^Loy}/TmGX$<5qo</QC]@Caa<FFi\$mm&&!&KMMRM);L;L5=12`ZxZ,eIZYnZ9YXUZ]F%NNgm}agbg}}=Z~sr:V:?}/gX3)iSGggsK.>.Jtq]z6i4)Y3sCQ?0k~OCOg#/c/Wwa>>r><72Y_7Oo_C#dz%gA[z|!?:eAAA!h!iP~aa~'W?pX15wCsDDDg1O9-J5*>.j<74?.fYXXIlK9.*6nl{/]py.,:@LN8A*%w%
                                                                                                                                                                              yg"/6C\*NH*Mz5y$3,'LL:v m2=:1qB!Mggfven/kY-
                                                                                                                                                                              BTZ(*geWf9+7KW-Xj9<qy
                                                                                                                                                                              +V<*mOW~&zMk^kU
                                                                                                                                                                              }]OX/Ya>(xodff-[nVE/(C<e;?TTTT6an{4[>UUMfeI?m]Nmq#=TR+Gw-6U#pDy:v{vg/jBFS[b[O>zG4<YyJTig}~.`{cjotE;;\tWW:_mt<O\kz{f7y9=zo~r'w'O_@AC?[jwGC8>99?rCd&/~m|x31^VwwO| (hSc3- cHRMz%u0`:o_F
                                                                                                                                                                              1IDATxu\ZnJXq/K)TP@E[8EfwG|?JI6!
                                                                                                                                                                              <d3;;rgsBP(
                                                                                                                                                                              MmBP(
                                                                                                                                                                              %
                                                                                                                                                                              BP(
                                                                                                                                                                              %
                                                                                                                                                                              BP(
                                                                                                                                                                              %
                                                                                                                                                                              BP(
                                                                                                                                                                              %
                                                                                                                                                                              BP(
                                                                                                                                                                              %
                                                                                                                                                                              BP(
                                                                                                                                                                              %
                                                                                                                                                                              BP(
                                                                                                                                                                              %
                                                                                                                                                                              BP(
                                                                                                                                                                              %
                                                                                                                                                                              BP(
                                                                                                                                                                              %
                                                                                                                                                                              BP(
                                                                                                                                                                              %
                                                                                                                                                                              BP(
                                                                                                                                                                              %
                                                                                                                                                                              BP(
                                                                                                                                                                              %
                                                                                                                                                                              BP(
                                                                                                                                                                              %
                                                                                                                                                                              BP(
                                                                                                                                                                              %
                                                                                                                                                                              BP(6Bf!BiEB^B@?"lm;%tBAaM&KVJ{r+T5Br4o4o=zR(J
                                                                                                                                                                              .#|u}0uO$}cXPss3---477L<v]n`u@Z0}N>7]=KPbM-S(
                                                                                                                                                                              %
                                                                                                                                                                              b+4-WMBLm{J2^FZ[[I&qM
                                                                                                                                                                              FF:fcrBRK\Z:B 4\6-!,UI0GmBDPP|B4c@`j<:btqI^a!B!;,/'0D08?)=5^\6E
                                                                                                                                                                              Hf"s8
                                                                                                                                                                              eS
                                                                                                                                                                              BDPP|c/iD0<D"1Oyy9eeeTWW@*<z{,`|
                                                                                                                                                                              LFI,YHUHEB7B]2(0p:l::U}
                                                                                                                                                                              AB+_~L:>nDYY())FR:a <4 !\('.YL|n<B~0we3GI,\q,b?OBP"P(v0PMNJ&VVVYjWX,]u<@hBV$,vr:<Q?Pld-rl*HOBP"P(F"RQ}/_+"JE,h?iX
                                                                                                                                                                              Q!g.t-Nk+RJi"tzWqfPJc0slviSo^<^P(lvQJoq8'VWW[lK,il/A8HH*(+%t/#Y]NI[\!6#R7piWBg5tNGV[XDP#b]bXdeeeb14M02us=-(|$tYSBy:Z0'A|]t0s%hOG6tt~:QWP"P(v}u(]G\2oEZ&A<U<
                                                                                                                                                                              sseTz'-[*a'~O?0[EN%C7q$3XF{:
                                                                                                                                                                              AB4mig8sJUUdq]0:{h`P&hf,yJRu$n] ?s6J;Hb6XE~QP"P(DurPRRB"h[i' K~^,0t"%H.[*jKni=sz(\! PZKbttzbyw?P(T(i0<.d!0LE0eq?Kb
                                                                                                                                                                              Q]YLzX['.,@v7J$p?gK!0bMjHZJ)#ik[m^BBm@u;a\[dIxDhVHNh $f:u)`;_WPe[jXBS]65%f,e\G8lFBDP(4MT!uuu{/\PUUy@# kJ}b+DOilvAVa=3I]=]K{::;pmRn**OWVV6h9,^&4]G, @\C_<d5UI%=mDmLAbns:%#BBn8+K,5k+W$JaD
                                                                                                                                                                              9$
                                                                                                                                                                              5pJs]WvYgmJk*0mR[2MG7JG+*ndM$;7_OB0=a"kKln#5v-D?TP2)]=qb~41suBDPY_|*tM'/ H`RR*0~_
                                                                                                                                                                              jB=I9K][vn7#xrS@NRm[3rXM{%tt61P"P|piHg;7W_Q^VF gS#uuxiMx}m:94@ qI0&|\m"AH55r4jSR)E)e}@V75%5l\S]2XI{1T]J]`ZY|Y'~Hk]SY]hmu6YkfOL#y6UiZuszJ&|IK{ui':C /M''#M4q3?/#+;(>O6f-Veq-~L66BB1##=u+W+e1-)'6"fgO 48CUqIz2s;M,!p3G!hq4]K?LM`
                                                                                                                                                                              )bHuHF-m&-f%z,\z6qf6LGd.QXB}s%|]SMiH]Gf~b7?lGRTmjlVMM!c\1xGJik.h0f%--iDtPd@BH^2|Tlc)T^\j*T(sC#
                                                                                                                                                                              :lTwPGw7Hy:J;4.)],s{IcK -%)uLKUCBurt`6kXOc)ic{*-d[d+,wl:(&BB-mK%pWl4O\_s=VQ]B7yHi1.vLK3L4rtA"ZZ03<.6qFmuJ;U"P|sj:MHz/~Ml+;DooHCtlOKLQJ[ZFFu_aF %1[-J;e&n1jQ\C{
                                                                                                                                                                              c%~2T(T(Ep{yd~KP).^mt<xqiM3"SKc$SbZ#e:Vii"J'>]&M{::+Oy)OGfk_P"Pr(e=L*vjF6FWJZew7LKgQlZfSZZ2(tIm=~VK+3Ue~DPP,ibPT-%CPvwmE]g{]YZLKKgR!MA.zV
                                                                                                                                                                              3MMvi=j@{:*uQ*&J
                                                                                                                                                                              6zlcCgjlfo~^w4n*-:i`bme.nOE%ub2DPP|mE0#5ivv;4tw%T:KFxChZZxFHtn)--~E3aZ:|mD sOw]~
                                                                                                                                                                              9+tt^.*T(v-!LY=J ]Tf:.^sWv)]<(f;w,HLCa^AM#(4AiiU-A_eS]2RTl8&9R"P|fceMwg&a?vml;??sQ;ZJBv0@qSXJox:-{^-f! KKk9/~rV0KM2sS,n(T(-hd*|]5*mS8vYmtV6qIDvGzKZ=I@M4yIKgxkI6|i_g$2UZ:"'To4%<DPV6}m1nHy{<B`Gxa'^ 0p>9W_3E`MmVo:U{ZjkaClt1;]2x+1ZYB+D=6<fMul\k;T:[).HuQ!%IC<+afiu?+vmfKiKMo<-a|YTZz&ZZsQ"PQ`T*f%-l%Pit8vPN-
                                                                                                                                                                              BCf`q_h-!
                                                                                                                                                                              2024-10-30 16:52:41 UTC8000INData Raw: 91 8c cb c9 63 64 24 87 39 2d 4d 7c 58 5f 4b 65 3a 85 25 b4 6f 55 41 c9 37 43 18 d9 40 18 db d3 d2 ee 06 69 69 d1 e1 64 ce 14 a2 ad 62 3a 90 69 dc 1d e9 20 89 d9 ea 69 95 96 56 28 11 54 28 be 85 64 d7 f0 09 91 69 e8 ec 38 d4 a4 1d aa 6c bf a1 73 d2 f3 90 ec ba ad 5d be 71 22 e0 a6 71 72 fa d1 3c ee 6c e2 83 8f 20 9d 3f 1c 69 04 10 6e ca 97 3f 40 ea 16 5e 20 8a e6 c4 09 56 7c 41 b8 e4 1d c2 6b a7 e1 d6 2e e6 1e dd e2 c0 68 92 7d 7b f4 22 a4 69 24 3d 17 01 ec 95 97 cf 98 48 2e 9f 37 35 f0 49 63 3d 4d 8e 8d 25 b4 ce 0d a0 15 bb 95 30 66 7d 71 a3 d5 d2 19 3c 20 e1 49 e2 d2 43 e2 6e 58 2d 4d e7 b4 74 76 ea 4b fb 2c e9 cd a5 a5 45 66 ff b0 f1 b4 b4 a7 de 32 85 12 41 85 62 d7 89 36 68 42 60 b4 1d 20 3c ea d3 69 aa 1c 9b 5a db a1 c5 f5 b0 a5 ec 34 43 56 b1 83 de
                                                                                                                                                                              Data Ascii: cd$9-M|X_Ke:%oUA7C@iidb:i iV(T(di8ls]q"qr<l ?in?@^ V|Ak.h}{"i$=H.75Ic=M%0f}q< ICnX-MtvK,Ef2Ab6hB` <iZ4CV
                                                                                                                                                                              2024-10-30 16:52:41 UTC8000INData Raw: 86 4e 63 55 15 fd 46 8f e6 bb 17 5e 04 9a c6 9c f7 de 65 c0 98 31 1c 7a d6 39 78 ae fb b5 02 82 d2 93 7c 8d cc e1 56 bc 29 02 a3 de c6 ac 4d 23 83 3a b1 42 c9 c8 29 7b 73 fc d5 d7 50 59 55 4d 6d 59 29 43 c7 8e a1 a6 64 35 ab e7 cf 47 d3 04 b1 c6 06 ae 7a f8 11 fa 0d 1f 46 f5 9a 35 68 86 41 28 37 8f 0f 9e 7d 96 9b ce 3d 8f e7 ef ba 9b 48 61 11 bf 7c ea 29 06 8e 1d 43 7e cf 14 ba 0e 75 e5 82 54 62 e3 af 4d 02 cd 75 f5 6d f2 b4 ef 89 27 f2 ab e7 5f e0 be 99 5f 71 cf 27 9f 73 c1 6d b7 91 5b 58 00 c0 33 b7 dd c2 ba c5 4b 30 4c 93 bc 5e 3d 19 3a 69 52 fb 4b 32 2d 12 6e 56 ea 04 76 da 23 d1 da da fe de a6 d3 74 74 45 cf 75 db 3f 13 32 7b 9d a4 64 de 1c 00 86 4f 99 4a 8f 81 fd 90 52 62 06 83 04 23 61 42 b9 61 72 a2 61 42 39 41 ac 50 68 93 d1 c5 54 2a e9 af 57 05
                                                                                                                                                                              Data Ascii: NcUF^e1z9x|V)M#:B){sPYUMmY)Cd5GzF5hA(7}=Ha|)C~uTbMum'__q'sm[X3K0L^=:iRK2-nVv#ttEu?2{dOJRb#aBaraB9APhT*W
                                                                                                                                                                              2024-10-30 16:52:41 UTC8000INData Raw: d3 1b eb 59 d0 da 4a 40 d3 88 e8 7a e6 62 b4 a5 8a 3b 19 83 f4 43 27 15 97 0f a2 75 df 7c f4 26 3f 4a 5f 75 71 7f aa 2e ea 4f af 47 4b e9 7f c7 2a bc 80 a6 4c 63 17 8c 02 76 f5 f7 ea 6d 52 22 a8 50 ec 12 b8 ae 4b 51 ef de 1c 70 ca 69 0c 9d 34 99 82 9e 3d 79 ea 96 9b 68 28 2f 67 d6 bb ef 33 68 dc 78 56 55 57 f3 df bf 3d 42 c8 30 08 44 c2 44 f2 a2 5c f9 97 bf b2 66 f1 22 96 7c f6 19 87 9c 71 26 e1 68 1e ef 3c fe 58 d7 4d 83 d7 ab da d4 61 83 35 55 9a a6 d3 da dc ca bc 69 d3 18 b9 cf be e4 16 17 b1 66 c1 02 52 b1 64 5b 61 80 62 33 42 1f f4 73 fa 96 b1 9d 8e 32 42 74 6a de 9c ad c6 0d 46 c2 1b 9c 58 78 8e 83 d0 34 0c d3 64 e1 47 d3 31 4c 13 2b 68 31 e7 dd 77 30 33 23 e2 5e 7d f0 81 4c 93 e6 38 0f 5d 71 19 91 c2 42 bf f8 28 27 17 33 18 60 e9 e7 9f 90 1f 0e f0
                                                                                                                                                                              Data Ascii: YJ@zb;C'u|&?J_uq.OGK*LcvmR"PKQpi4=yh(/g3hxVUW=B0DD\f"|q&h<XMa5UifRd[ab3Bs2BtjFXx4dG1L+h1w03#^}L8]qB('3`
                                                                                                                                                                              2024-10-30 16:52:41 UTC8000INData Raw: 23 2f 0f a1 09 ea 3e fd a4 ad aa d5 69 69 26 6f dc 78 3c c7 26 59 5e 8e dd 50 e7 57 16 ef b3 1f e9 da 5a 12 65 a5 a4 6a aa 41 d3 fc 36 37 b6 ed 47 2c a5 c4 2c 28 c4 b3 fd 35 70 c2 0a a0 59 a6 bf 5e b1 b6 06 b3 a8 08 37 95 22 6f f4 38 c2 83 87 a0 07 83 c4 d7 ae c1 4d d9 d4 7d 3c 83 c2 fd 0e fc 46 af 5b 93 ae 8b d0 74 06 9c 73 6e e7 eb 3d 8f e6 05 f3 11 9a 9f 32 17 96 49 a8 ef 86 b3 84 e3 6b d6 80 eb 6d f5 e7 4a 04 02 ea 0b a6 f8 7a 12 98 1d 96 43 e7 d4 b0 27 bb 2e 22 a1 43 f0 ab 2b 09 db 68 7f 40 b1 e9 bf d9 e8 7d ae 27 57 5b ed 56 9b 6b 7a bd 9d 36 b4 94 3b 77 17 a8 4e 0d 15 8a 5d 44 16 d2 b5 35 48 d7 21 3a 7e 12 5a 28 84 94 12 a7 b5 d5 ef fb 97 e9 15 67 15 f7 20 67 d4 58 7a 1e f1 1d 72 86 0d c7 69 6d 25 77 d4 18 dc 44 82 c6 d9 5f a1 05 2c 12 eb ca 68 f8
                                                                                                                                                                              Data Ascii: #/>ii&ox<&Y^PWZejA67G,,(5pY^7"o8M}<F[tsn=2IkmJzC'."C+h@}'W[Vkz6;wN]D5H!:~Z(g gXzrim%wD_,h
                                                                                                                                                                              2024-10-30 16:52:41 UTC8000INData Raw: 33 8b a5 65 85 5f 98 10 02 4b 7f fb 6b 01 2d 17 04 5a d2 db 18 62 07 b3 59 55 03 67 02 00 4a 06 18 28 57 eb ec 2d 6e 28 70 46 b1 af 61 a3 0c 57 b2 06 fc 49 8f 0a 58 17 10 45 63 1d 1e 41 a0 2b 1a 78 1f 1a 81 c1 c9 00 de f1 4a 13 87 20 18 46 18 c7 96 1b 82 8f 45 7a 84 91 75 8f 33 b1 75 0b 91 ee 6e d2 07 f7 a3 45 a2 64 fb fb 1c fb 12 45 45 5a 16 5a 73 33 d1 9e 29 64 f7 ed c5 ce 1b 24 e6 2f 20 d6 3b 83 d6 15 ab d0 db db 31 c7 c7 9d 2f 76 4b 0b dd 2f bc 04 45 8f 90 1f 1a 44 ef e8 c0 1c 1b 73 a6 64 0c 0d 21 f4 08 91 ee 1e 6c cb 72 01 99 c0 ca e4 50 93 49 5a 57 9e 8a d6 da 46 b6 7f 80 d6 95 2b 31 c7 27 18 7a f8 41 d0 74 cc f1 09 46 37 3c 89 d0 23 8c 3e b9 1e a1 aa 0c dc 7f 2f 08 81 12 d1 41 51 31 53 29 50 94 c2 38 bc 88 ef b5 8b c0 93 91 94 01 8a 87 3c 41 4b 07
                                                                                                                                                                              Data Ascii: 3e_Kk-ZbYUgJ(W-n(pFaWIXEcA+xJ FEzu3unEdEEZZs3)d$/ ;1/vK/EDsd!lrPIZWF+1'zAtF7<#>/AQ1S)P8<AK
                                                                                                                                                                              2024-10-30 16:52:41 UTC8000INData Raw: 20 04 5d 17 5c c8 cc eb 5f 4d d3 c2 45 d8 96 4d 76 eb 26 c6 6e fa 35 13 6b 1f 22 d3 37 41 6e 24 ed 4c 9a d0 d4 92 ed 87 28 9c c7 a5 69 91 1d 9e 20 37 a2 a0 f6 a7 88 ec 1f 26 b3 75 3b 91 07 ee 40 ef 9d 49 6c d1 72 e2 4b 56 a1 4d e9 45 4d 36 d3 be fa 34 da 4f 5d 8d 31 3a ca c4 d6 2d 8c 3c f6 28 43 f7 dd 4b b6 bf 2f b0 80 fe d9 1a 4a 2c c6 ce ef 7e 8b de 57 5c 53 31 4f 76 d1 3f fd 1b 76 2e cf 8e 6f 7c 15 a1 e9 a8 b1 98 a3 f0 f9 ce fc d2 b6 b1 d2 69 84 aa d2 7b d5 35 9c f4 e1 7f 25 39 77 1e e6 f8 18 eb fe f1 fd 1c 2e aa 09 45 c1 9c 18 67 62 d3 46 da 57 9f 56 ba bd 69 c1 02 da 56 9e ca e0 7d f7 1c 7e 43 8b 94 a8 c9 24 4d 0b 4f f2 dc 3c 74 df 3d 8c 3c f6 30 d1 ae ee 60 b5 51 79 fe 7a 52 4a 1f dc 15 eb ff 82 14 41 4b 3a dd b7 c5 c9 22 00 6a 24 c2 ce 3b ef 24 33
                                                                                                                                                                              Data Ascii: ]\_MEMv&n5k"7An$L(i 7&u;@IlrKVMEM64O]1:-<(CK/J,~W\S1Ov?v.o|i{5%9w.EgbFWViV}~C$MO<t=<0`QyzRJAK:"j$;$3
                                                                                                                                                                              2024-10-30 16:52:41 UTC8000INData Raw: c1 c4 b6 a7 bd ef 6f 2e cb 81 3f fe 9e d4 ae 9d 68 c9 a4 03 94 d5 56 67 9a cf 58 ed ec bf e3 36 1e b8 e6 4a 12 b3 e7 62 8e 8f 31 fa c4 e3 a8 cf b4 cb 3b 60 df a1 28 6c f9 c2 67 49 ce 9f 4f 62 d6 1c 6c c3 60 db 97 ff 9b e1 b5 8f 04 d6 29 96 e0 36 95 a2 f7 9a 6b 59 f0 be 0f 12 9b 32 15 35 91 e0 e0 9f ff c0 81 3f fd 1e 4d 6b 3a 2a 10 e8 16 e1 4a 4a 20 95 69 60 77 7a b8 04 81 b2 50 46 d7 c8 09 5d b8 c7 b6 51 aa cb 93 b6 a4 7f e3 46 cf e3 16 5e 7a 29 8b 5e fc 62 36 fe e1 f7 68 b1 18 5a 61 da 4a 71 d8 b7 b4 6d ac 7c 0e 2b 9f e7 bc 7f f9 17 92 53 ca c0 7d 68 fd 93 64 46 46 88 36 35 95 bb 82 85 e2 aa 0b 2c a4 a7 0b df 61 59 0f 8a 64 19 da 28 75 fc 7a e1 2d a8 7e d0 dd 25 4c 35 40 93 b2 12 0c 03 61 50 06 fa 19 36 e2 ff 57 0d 22 4b b7 8b ea 2a 60 3d d5 af 9e 02 59
                                                                                                                                                                              Data Ascii: o.?hVgX6Jb1;`(lgIObl`)6kY25?Mk:*JJ i`wzPF]QF^z)^b6hZaJqm|+S}hdFF65,aYd(uz-~%L5@aP6W"K*`=Y


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                              15192.168.2.44975650.87.253.1104433412C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:52:39 UTC766OUTGET /wp-content/themes/shield-apps2/css/slick.css?ver=6.6.2 HTTP/1.1
                                                                                                                                                                              Host: shieldapps.com
                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                              Accept: text/css,*/*;q=0.1
                                                                                                                                                                              Sec-Fetch-Site: same-origin
                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                              Sec-Fetch-Dest: style
                                                                                                                                                                              Referer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                              2024-10-30 16:52:39 UTC344INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:52:39 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Upgrade: h2,h2c
                                                                                                                                                                              Connection: Upgrade
                                                                                                                                                                              Last-Modified: Thu, 15 Aug 2019 07:49:20 GMT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              Content-Length: 1729
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                                                                                                                                                                              X-Endurance-Cache-Level: 0
                                                                                                                                                                              X-nginx-cache: WordPress
                                                                                                                                                                              Content-Type: text/css
                                                                                                                                                                              2024-10-30 16:52:39 UTC1729INData Raw: 2f 2a 20 53 6c 69 64 65 72 20 2a 2f 0a 2e 73 6c 69 63 6b 2d 73 6c 69 64 65 72 0a 7b 0a 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0a 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 0a 20 20 20 20 2d 77 65 62 6b 69 74 2d 75 73 65 72 2d 73 65 6c 65 63 74 3a 20 6e 6f 6e 65 3b 0a 20 20 20 20 20 20 20 2d 6d 6f 7a 2d 75 73 65 72 2d 73 65 6c 65 63 74 3a 20 6e 6f 6e 65 3b 0a 20 20 20 20 20 20 20 20 2d 6d 73 2d 75 73 65 72 2d 73 65 6c 65 63 74 3a 20 6e 6f 6e 65 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 75 73 65 72 2d 73 65 6c 65 63 74 3a 20 6e 6f 6e 65 3b 0a 0a 20 20 20 20 2d 77 65 62 6b 69 74 2d 74 6f 75 63 68 2d 63 61 6c 6c 6f 75 74 3a 20
                                                                                                                                                                              Data Ascii: /* Slider */.slick-slider{ position: relative; display: block; box-sizing: border-box; -webkit-user-select: none; -moz-user-select: none; -ms-user-select: none; user-select: none; -webkit-touch-callout:
                                                                                                                                                                              2024-10-30 16:52:39 UTC816OUTGET /wp-content/themes/shield-apps2/images/shield-apps-logo.png HTTP/1.1
                                                                                                                                                                              Host: shieldapps.com
                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                              Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                              Sec-Fetch-Site: same-origin
                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                              Sec-Fetch-Dest: image
                                                                                                                                                                              Referer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                              2024-10-30 16:52:39 UTC8192INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:52:39 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Last-Modified: Mon, 13 Jun 2022 17:28:03 GMT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              Content-Length: 12488
                                                                                                                                                                              host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                                                                                                                                                                              X-Endurance-Cache-Level: 0
                                                                                                                                                                              X-nginx-cache: WordPress
                                                                                                                                                                              Content-Type: image/png
                                                                                                                                                                              PNG
                                                                                                                                                                              IHDR8pHYs.#.#x?vtIME1}tEXtAuthorHtEXtDescription!#
                                                                                                                                                                              tEXtCopyright:tEXtCreation time5tEXtSoftware]p:tEXtDisclaimertEXtWarningtEXtSourcetEXtCommenttEXtTitle' IDATx]wTg-tR
                                                                                                                                                                              BE`k1yvXPDvb(U@M9z53g{B/|'F?u{S>%_T%SC-]?4hb/^W%=RHJ$~S&OYFK?o`0#`YUF:#CnlLh$j
                                                                                                                                                                              /R||F1L]usNEc\.FUR:5u^pKBGg_?:i4;yS}?-(8\{sN,&ibee@.W=P(!#9qP$x:P}J8ptA)2gu]y_?4=s[}/}+2NZZb7_r9~L}*5U]UU==U-!D277799933D"AfWZRT*ZV*4M/_A7oKouAFF\.H$7n4~j23;s!BB r!j8{nQQ3g~wOO9v*)).*r7nI8>F_xQR311x5n4POW^G;wW=}@V3g}%77qoie $.bvBsCWqcBBX,|.})ggSPte2myv'oe4FFFeeeUx~iHIIIttRBM77yC4Dq~.eeecs&V=Qe/]\z@cP#MKkz~~UZ7o*66u,99yS##6m4mTTfee=}TY) 25z(;;YfS/0iDS`q'p$#S}0{U+8n [TRUNCATED]
                                                                                                                                                                              C<y{;w6mu:v1>|dd@5<DQn/TQQ thF]n~(GoTpPK@sif@G#7#o
                                                                                                                                                                              yyy{m+WsX,2dO:ekkkccS\\|u@BBkvI[~]Jxqjmf`````P-m'''w/##CRY[[{zzZZZj7+,,p0qZ
                                                                                                                                                                              1<xpwim83///99$I:886bo1"Am+t\7`*VqXXY84-=x,al,pv{x:*4Fq$0j+TOWJ6!6YX,r,L$pO^s!^`oYUUWsG3g/^pB'O~QTTD&kWsssh(H|rdd5ou;vWAO>6mvwCCitE7nq30|+V4mEc --Ah W{jejx@q%o;9LoX\\]e,@eTULEtzo^tWWE Q:(N*&7E{cf`X
                                                                                                                                                                              h^LFp,0rH<*>}?^OO,>>lW\:t6mV>|.]L>]('$$>}:33@wfssg5ox22BukZ=atmdMsX](j9mPOO'~kusrr={F`QUU5sCBYf**##5k)4hXT,4iDT4.' g2UI9cf{$}|,&;T&;ttHSJJ|"!$L5W%J(`.[Te mIK#Wd31$}QV.c#`UEb`lLGpwTRVeJ?[[?55
                                                                                                                                                                              ?ekkoGYjaD"MNDkmMEEw}'Nr~d)"""Sa6oy.]=W^u4
                                                                                                                                                                              4iRNrrr"""xNFFFRR1k;wuYfJ{zAAAXXG^^^IDGGk/**?3iUA7EOs%9yBW*1Qf`U(m#tq`Y+7ENNF=fYw~.[WaE3aAxKa25FE0U)~*//Q[`[{
                                                                                                                                                                              i#`U9zI@y%%0!BV(>/_VVu!f=x`Paa?);t@SRRI8qbhh(B(11qmQQ~z]>J0d'Ojf:M6D(O:U,WZ|;toVsr?yWGGi%BqzBW.n'+YRE=,X_G0`vnnOq#Vm94*h#q&:lcX05%K3!-prcbbzu}c
                                                                                                                                                                              df;w666|)S:u4v'O,]3W(9s)SVXafntqq+7i&Ir{l\ns=oW]&r6<yRcEEEj3q\]d\ut$e{Wu5g*c??XB`A6G9LPB
                                                                                                                                                                              r5d;B>ZrX~c ???$$UV;wqcppm"##7lV*,,\rwl)J0dy9{9s4o0?{>S~$T*++5no-+64AReeesO#Cr( {q_D?x
                                                                                                                                                                              ?M_kW(jS /v[Ji J",INd"dnrd
                                                                                                                                                                              pB>}`&M7nJ<zhhhhLL$@eeG?~|[nu5..a~m_|<[YIj`dd4q&dffcR-'3g];}Zat|Q^^5HHHP
                                                                                                                                                                              <
                                                                                                                                                                              B*d7oh{xx4t>i>[=z4G#S$DV+)40C,%1;U]CH DCM ,S"8v'N8{lGG1c/]s=z@UUoRLVUU,EQmB8p[*ofjMZ$7oi]viPhKiii7!>UTTWBH5iiD. jWJ/a`0pry;J1I8LQ=1 xj]`/.z2Fyo1laM3feR|#~G~=zhtti=|}}---Bfz5k6mz1OOeo%c&&Tc633yeee@iiirrrppp'X,I4maaSL&7:Do)D$+N cnd6oT@~@@!|p)Dy0f
                                                                                                                                                                              0Wh-%}`b)WQ&EM4)""//((Xj?p]v<7;y7nvZ$Y%!gF@84#xeP''9s|wiAAAC1&eWq1fWJ56cczj$*>Jjs">,U*~'}YmL(fa781T~)4d@7aX1bp~K.={$I<==i.**7oY8]]]b$sK`e#GM-(FM$Iyxf,hb}1GSH(E4D
                                                                                                                                                                              994F=+V*WQX#nXDQA96h\@(9i))+"~XtCZjvq1[&$$7kO>SNuqqqppXre~ZlqFcccq
                                                                                                                                                                              NOiFjammmXe333}}}:k5zWeTk3m*&Jh48B0mmo #@B!Q
                                                                                                                                                                              ?iq(OTQIA{@`XUb>,X0o<9sO2ERlR{dYv1]k={4[uU'Ou<066c=l4\\\<<<n3f
                                                                                                                                                                              kpss=aAR1%7_*85%:8
                                                                                                                                                                              @XJ:s0gQ$9Y1rv&)ijPe$"PQ^gl^t=99]vKPPPhhhpppjjjRRxmPQQqgffK*333__'J3dH\@*"R\\\YYY#akj\r'Z!m6h^^[UUU:g4_~<~:66_~JVO>#,V9B@z9ila@pmI5w6<u-EeEVX0g;yGavvvVVL&K8qE__Oe&55~{i@@@<ehLTNG-[v\*[|ccc[8>VTThSnnL&v~4!Rs6lX\\O999SN(J&edd={];rKPhJH1~-[

                                                                                                                                                                              <yL&z333j|!IqkbfpLc8ywa%w$~o'&"45Eb1fY:3quj*`2>&?7@4b3s!,h%@,\Heh'V%l52Xk.$Yfdk7N{y___[[kFDD*r+VXmpMPVVzzJ$IhH1^bm4I000KR9s9l@(o>""9vXmH,bCM6eW^7o,yg@4`i$i&mHIJ>Z"hQQgExCE+S8?[5yRoXAcI)9%@WF__]]$cc@je]{%;dn\Hu2Rsj0wEdAFqHwp`\*}5k3gii)BBB233H!7
                                                                                                                                                                              2024-10-30 16:52:39 UTC4581INData Raw: 73 67 c3 86 0d 77 ee dc d9 ba 75 ab 8b 8b cb ca 95 2b d3 d2 d2 62 62 62 4c 4c 4c 5e bc 78 01 00 04 be 0f 00 34 03 26 a6 9f 08 04 01 00 5e ba f8 88 c0 27 14 0a 87 0f 1f fe e7 9f 7f f2 a4 03 00 af 5e bd 8a 8d 8d d5 26 50 00 60 59 f6 f6 ed db 9a 44 75 99 4c b6 7b f7 6e 6d 02 05 00 a9 54 7a f8 f0 e1 bc bc bc 9c 9c 9c d3 a7 4f 6b 13 28 00 a8 d5 ea eb d7 af 9f 3a 75 8a 3f f5 f1 f1 49 4a 4a e2 fd 70 3c ca cb cb 0b 0b 0b 79 02 d5 d5 d5 9d 38 71 e2 8d 1b 37 a6 4c 99 02 00 19 19 19 89 89 89 da 04 0a 00 0c c3 3c 7d fa 34 3e 3e 9e a7 c2 09 13 26 ec d9 b3 47 e3 08 55 a9 54 85 85 85 fc ad ce 9d 3b 9f 3f 7f fe eb af bf d6 f4 55 2a 95 19 19 19 0f 1e 3c e0 4f 8b a5 f8 f6 2b 46 2a c7 1a 02 05 00 8c a1 42 0e 77 b3 d9 62 e9 5f 14 99 27 f9 5c f6 5b 4e a1 c6 da fa 0d 06 2c 57
                                                                                                                                                                              Data Ascii: sgwu+bbbLLL^x4&^'^&P`YDuL{nmTzOk(:u?IJJp<y8q7L<}4>>&GUT;?U*<O+F*Bwb_'\[N,W
                                                                                                                                                                              2024-10-30 16:52:39 UTC797OUTGET /wp-content/uploads/2020/03/box-vpn1.png HTTP/1.1
                                                                                                                                                                              Host: shieldapps.com
                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                              Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                              Sec-Fetch-Site: same-origin
                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                              Sec-Fetch-Dest: image
                                                                                                                                                                              Referer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                              2024-10-30 16:52:40 UTC8192INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:52:39 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Last-Modified: Tue, 23 Feb 2021 06:39:51 GMT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              Content-Length: 174988
                                                                                                                                                                              host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                                                                                                                                                                              X-Endurance-Cache-Level: 0
                                                                                                                                                                              X-nginx-cache: WordPress
                                                                                                                                                                              Content-Type: image/png
                                                                                                                                                                              PNG
                                                                                                                                                                              IHDR|jh|pHYs.#.#x?v
                                                                                                                                                                              OiCCPPhotoshop ICC profilexSgTS=BKKoR RB&*!J!QEEQ,
                                                                                                                                                                              !{k>H3Q5B.@
                                                                                                                                                                              $pd!s#~<<+"xM0B\t8K@zB@F&S`cbP-`'{[! eDh;VEX0fK9-0IWfH0Q){`##xFW<+*x<$9E[-qWW.(I+6aa@.y24x6_-"bbp@t~,/;m%h^uf@Wp~<<EJB[aW}g_Wl~<$2]GLbG"IbX*QqD2"B)%d,>5j>{-]cK'Xto(hw?G%fIq^D$.T?D*A,`6B$BB
                                                                                                                                                                              dr`)B(*`/@4Qhp.U=pa(Aa!bX#!H$ Q"K5H1RT UH=r9\F;2G1Q=C7Fdt1r=6h>C03l0.B8,c"VcwE6wB aAHXLXNH $47Q'"K&b21XH,#/{C7$C2'ITFnR#,4H#dk9, +3![
                                                                                                                                                                              b@qS(RjJ4e2AURT5ZBRQ4u9IKhhitNWGwg(gwLT071oUX**|
                                                                                                                                                                              J&*/TUUT^S}FU3SUPSSg;goT?~YYLOCQ_ cx,!ku5&|v*=9C3J3WRf?qtN(~))4L1e\kXHQG6EYAJ'\'GgSS
                                                                                                                                                                              M=:.kDwn^Loy}/TmGX$<5qo</QC]@Caa<FFi\$mm&&!&KMMRM);L;L5=12`ZxZ,eIZYnZ9YXUZ]F%NNgm}agbg}}=Z~sr:V:?}/gX3)iSGggsK.>.Jtq]z6i4)Y3sCQ?0k~OCOg#/c/Wwa>>r><72Y_7Oo_C#dz%gA[z|!?:eAAA!h!iP~aa~'W?pX15wCsDDDg1O9-J5*>.j<74?.fYXXIlK9.*6nl{/]py.,:@LN8A*%w%
                                                                                                                                                                              yg"/6C\*NH*Mz5y$3,'LL:v m2=:1qB!Mggfven/kY-
                                                                                                                                                                              BTZ(*geWf9+7KW-Xj9<qy
                                                                                                                                                                              +V<*mOW~&zMk^kU
                                                                                                                                                                              }]OX/Ya>(xodff-[nVE/(C<e;?TTTT6an{4[>UUMfeI?m]Nmq#=TR+Gw-6U#pDy:v{vg/jBFS[b[O>zG4<YyJTig}~.`{cjotE;;\tWW:_mt<O\kz{f7y9=zo~r'w'O_@AC?[jwGC8>99?rCd&/~m|x31^VwwO| (hSc3- cHRMz%u0`:o_FIDATxuxgHCpBnoen[[u:-u%ss@<@kssw'Y@ `C@ @@ @@ @@ @@ @@ @@ @@ @@ @@ @@ @@ @@ @@ @@ `wM vsY$$IJe9M$L{4MF)h41zpp,KVV^nxwmT(6 lJ ]FRdY(J?`aCL~Vss&ill$`rP?M [TRUNCATED]
                                                                                                                                                                              ~>$u:PT:(bU7&BN"r,dY#Ih4:.
                                                                                                                                                                              UjjjfB@h4,\.IJJFQX|7adef"I,#+2D;=u-aQnJ$cG#A@ "(i$IpI=*++r*++Du$IhFjj*)x>Q2f]@n^!EFUU\.'(mq>[F,T`GiMGeCl}@ "(s<ZU)iNc2KKK)..:0i"IR\.dRq874PP5ksY~u
                                                                                                                                                                              [[Y/
                                                                                                                                                                              .[R-7J ]YRE(HbiR__O8@eEAUU,4MEFBbaRV^X.2$
                                                                                                                                                                              i4Gl;b=Ik#1YaM7
                                                                                                                                                                              !UU|J(Z^^YXX)//cYbiG\LtHJj*.?E]K~~!5DQ;\}i@JlRR- "^@ DP yE9DQ36m
                                                                                                                                                                              p<p8'2nT$Z.Z<6mDs-+qdVj2;1&u1yE vQB}YQIrssYvm\Z~N3.-]HIID(.="
                                                                                                                                                                              ][bKgF+[UOGX "(HO&Kk,UN3uRR4M-`mn7nPU[oWFRcN.mN2tt#v1.6@ DP t}KPHEQ$^Bk{%`Y UUX, 7/_*--#
                                                                                                                                                                              !!*CCB{[R[Y/Dk#8}::,6@ DP <V3u]?b5kXv-vWU{X!))mJJe<
                                                                                                                                                                              S]S+o7|]3tFt6cmLE@@ H(qtU+Wa`|,#11RU&'7@&,BUU[6["Z>#5"
                                                                                                                                                                              0o%]Ril@"["PUUdeeeWZ5k\K>UUx<^B_P(W
                                                                                                                                                                              e)1rJ"{5-@VjIaJ!&iA`_@QUU/]l-$p88.+RZVNAB6l,jkk=B__`;pc]"1Al.b1QZl(
                                                                                                                                                                              {AkjjXj+W">txs[OAfE
                                                                                                                                                                              []/~[AK`W1c525`QlNG7R!'B4+..tRYCCCCtaZu^ETTTIpIS1{B(dPolIoe]?uOG7ej@JG DP 6p8D"\vm)(( t:IMMAUTQj6l(bjj0}^vD;zrD`"}NttSL[.%ct@@ np8/[`6m$/HQQ1%e456bYJ|Zu @0uZm)aG[
                                                                                                                                                                              Y/v-X
                                                                                                                                                                              dYtL~KjYmU^:N7D$-*bI/
                                                                                                                                                                              -JZ+7b[m!%9D^l{o*&Dii9e:,)=V}I%IQp8(i\%Fx>m+>FN0nmf v)RrZ~HE DP 'q$IO^Zk0~m~-HZ$YIBVZ#+:E,CYW:^B-Sf::[cvLK:QlZA7 Ki<YPP8O?feOQ~;~Q?EV$?IbtmO4rVMZeq<Eml~G-\[2[Y-bK9v:`^!`zi3/_=j$I|_+]+Dbmk(ve(ZYJm:N__w&1:-=bmthB63P%It.hXXHH$qcV,4v.-3qii!V:-:QZcKbK:(_A`rk`,+I$({R{+m#[E3.4
                                                                                                                                                                              ~S=[Ok`}mb
                                                                                                                                                                              ZvnD;?Yl>=h{1nOj'7iiA 9:m):cG!QIA`_!$Gg^NKwTMZZH7NvNtt:ttsz!S?%9^2o%
                                                                                                                                                                              0ntOC[^S 8bK.cn-vV`7`WJ7n/DP tu'-:oC9ek3455];X;Q@ ;$mwoK
                                                                                                                                                                              _{1l]0EZZhicU-7`A@E%mCgWzHHXmu-kAW_W-RM]glIe|?;\]"-:Zgz]"(-:Q?9k%old>~p[aF]bR.-mtcKvqL0
                                                                                                                                                                              WG,-Plk]au f(H7HYBu=-~qB!JDfh^ /aPH9ic3?Zu5Q j[qG=x@qd 8xU@ *~d$,l]0" :D!H;:We+vdtaM{ZY@Z4,$dIBQl-UP$:lOxKJE~0rR!;{fKhHA|Jdy]]<tkc;2D@eQV>+Ir'ys-P7c,.;$QO=&`20?>*E(8x/vMZHK
                                                                                                                                                                              Pt5!!+q]DwJJCy4r~HH5P]HFnz|%o**)#u*x-+T+4[
                                                                                                                                                                              El7VK&!eS,_[|)hhcBJeb$eXb%sr1"~5/%&!LD !g|B#nqp&}5
                                                                                                                                                                              2:,I<ceYD"a9P.3#H!mSI5`!eIB:ii8q|<.d_U9Mm@P>DT8(.B4.$K
                                                                                                                                                                              Z}JwcMcCRhHHlNAw)j?o^(7_BrBUv8~1Pv`5of9"M=UkjavI<K;|ruW3yV,I{DYA:MN$a7TTVSV^Neeu3Q,r
                                                                                                                                                                              al_,.BMu2}{~eiGZ"U)\u%x^z7?G|fsDe-$u44(Q=7]p}eydf`v|w]}{<fHKD$,D
                                                                                                                                                                              2024-10-30 16:52:40 UTC8000INData Raw: 79 13 0d 4f 27 12 a8 69 1a f7 de 7d 2b 27 9e 70 1c 6e b7 6b 0b c1 ae af af a7 b8 b8 94 bb ef 7d 10 97 d3 c5 5d 77 de 42 63 63 23 8d 4d 4d 84 43 61 5e fe bf d7 29 dc b0 11 87 b6 fd 75 cb d1 68 14 d3 b2 70 38 1c 22 75 2d 10 08 11 14 08 04 bf f2 9a 7d 8f 14 ba 6d 45 14 4c d3 b4 0b 5c 24 99 a8 1e c5 30 0c 14 45 a1 4f df 9e 9c 7d e6 e9 28 8a c2 ab af bf 43 6e 6e 1e d7 5e 7d 39 8d 8d 4d dc 7a db bd 1c 7b cc 91 04 82 41 54 ad 0b 35 54 91 24 bb 51 b4 a9 83 c3 85 59 39 1f 29 5a 47 5d b3 c1 31 47 1d c5 11 87 4d e5 c2 3f 5f 85 a6 aa 3c 78 ff 9d 78 bd 1e 4e 3b e3 5c ea ea 1b b8 e6 ca 4b 99 3a 75 32 15 15 95 fc 32 73 0e 97 5f 7a 11 4d cd 7e ba 77 eb c6 0d d7 5d c9 7b ff fb 88 ef 1b 9b f9 28 c1 c7 2c 49 e1 24 2b c2 f1 e8 98 d8 15 c6 d9 58 c8 6c 5e 14 64 87 76 c2 e1 30
                                                                                                                                                                              Data Ascii: yO'i}+'pnk}]wBcc#MMCa^)uhp8"u-}mEL\$0EO}(Cnn^}9Mz{AT5T$QY9)ZG]1GM?_<xxN;\K:u22s_zM~w]{(,I$+Xl^dv0
                                                                                                                                                                              2024-10-30 16:52:40 UTC8000INData Raw: 7f 5e e1 6f 7f bd 17 8f c7 cd 0b ff 7a 99 7e fd fa f0 cb cc 39 b8 dd 1e 9e 7b e6 71 9e fe e7 0b cc 9a 3d 97 e3 8f 3b 1a 80 91 c3 87 51 52 5a c6 b4 29 07 b3 66 6d 1e e5 65 1b e9 95 65 57 42 17 97 ba 88 46 24 1c 5a 07 c2 24 49 b8 5c 4e 1e 7d ec 29 56 ac 58 c9 71 c7 1e c5 98 d1 23 71 3a 9d a8 6a eb 21 bc a2 a2 8a 97 5e 7e 95 37 de 78 1b 45 56 18 31 7c 08 cf fd f3 89 78 7f 41 80 07 1f b8 93 ac cc ee 7c 32 7d 06 20 31 a0 7f 3f 4e 3e e9 78 9c 4e bb 92 76 f0 e0 1c 7e f8 f1 17 74 5d 27 18 0c e1 f5 7a 71 c4 04 4f 37 4c 9a fd 7e 7c 3e 1f b3 e7 cc e3 e2 0b cf 25 2d 35 85 3f 9e 71 2a 8f 3d f1 4f 12 13 7d 28 8a 12 6b 10 1d 42 73 38 b6 5a 34 24 cb 32 cd cd cd d4 d6 d6 91 94 94 48 af 9e d9 3b 39 a6 d1 02 c5 89 9c 3e 1e cc 08 92 bb 1b ea f0 2b 62 d3 2f 1a 60 84 ed 25 ea
                                                                                                                                                                              Data Ascii: ^oz~9{q=;QRZ)fmeeWBF$Z$I\N})VXq#q:j!^~7xEV1|xA|2} 1?N>xNv~t]'zqO7L~|>%-5?q*=O}(kBs8Z4$2H;9>+b/`%
                                                                                                                                                                              2024-10-30 16:52:40 UTC8000INData Raw: 1d 4b df 96 45 31 db ae bc de de d4 75 8b 10 08 f6 2d 07 b4 e2 3d 45 e3 fb 80 85 08 00 0a 11 14 08 04 bf 4e 06 ac 58 b3 66 2b 26 7c b1 36 2e b1 db 5a 4f b8 22 c5 2b d8 91 e2 99 f6 e3 1f 3b 7c b6 ed 4c 5d b7 dc df 51 e5 f5 e6 02 29 9a 86 ef c5 12 d8 d1 57 28 8e 45 42 04 05 02 c1 76 9e c2 25 a9 5d 6b 94 ed 4a f1 8a 23 ad e0 37 95 47 da 09 e4 e6 0e b0 b9 3c b6 7f 7e 69 8b 19 66 5a 9b 86 d3 69 0a 7b 6b ef 51 c8 63 97 30 c0 f8 57 d0 a9 03 5a 1d dd 20 8e 5b 42 04 05 02 71 f2 dd 46 8a 97 df 6d 6c 9f 40 b0 3d fb f0 f6 ed 96 db ae bc de b2 5f 63 cb df 1d 89 63 fb bf db 8f 89 dc fc 79 44 f4 71 b7 0a 60 1b 0f 94 3a 59 a3 dd 10 41 4b c8 a0 10 41 81 60 9f 3e 69 b6 89 f6 99 fa 76 a4 78 f7 74 f1 b3 44 b1 81 a0 03 e9 db 9e a6 e1 2d a2 b0 3d 95 d7 9d 15 ce 6c 99 ae ee a8
                                                                                                                                                                              Data Ascii: KE1u-=ENXf+&|6.ZO"+;|L]Q)W(EBv%]kJ#7G<~ifZi{kQc0WZ [BqFml@=_ccyDq`:YAKA`>ivxtD-=l
                                                                                                                                                                              2024-10-30 16:52:40 UTC8000INData Raw: e1 7f ef 7f c4 3d f7 3e c4 69 67 9c c3 ea 35 6b db 3d fe a2 0b cf c3 e3 f1 fc ea 99 3d ec 08 b8 c4 93 8f 77 2e 81 bb fa fb 0e 87 c3 4c 99 3c 29 be df d6 d4 d6 f2 f5 37 df b1 6a f5 ea f8 7a 19 e9 69 8c 1d 3b 86 68 ac 82 7f 6b 64 67 65 92 9d 9d 45 9f de bd e8 d9 33 8b b4 d4 14 7a f6 cc 26 29 31 31 d6 3b d4 a0 b9 b9 19 d3 34 c8 ca ca a4 57 cf 9e 24 27 27 13 0e 87 09 06 83 db 35 cc c0 6a 23 f0 5b 93 fb d8 bc 44 5b 0a df 0e 4b e0 ef e2 7f 5b 88 59 07 1f 63 b7 16 3a b7 d9 84 7b 3c 22 22 28 10 74 11 4c d3 1e 58 9f 9d 9d 45 65 65 35 d1 68 34 16 51 b3 ec 62 0d 97 8b a2 a2 4d 74 eb 96 61 37 16 0e 47 48 eb d3 9b 41 83 06 52 5d 5d cb 88 e1 43 f9 79 e6 2c 32 32 d2 29 da b8 89 21 43 07 d3 ab 67 36 1b 36 6c 64 d9 f2 95 1c 7d d4 e1 98 86 49 20 10 68 d7 3f ce 30 4d 0a 0b
                                                                                                                                                                              Data Ascii: =>ig5k==w.L<)7jzi;hkdgeE3z&)11;4W$''5j#[D[K[Yc:{<""(tLXEee5h4QbMta7GHAR]]Cy,22)!Cg66ld}I h?0M
                                                                                                                                                                              2024-10-30 16:52:40 UTC8000INData Raw: 14 12 ad 9e 52 ca 78 51 e7 a9 d3 67 f0 d9 e7 5f e0 76 bb e3 85 bc 7d 7e 3f 56 24 82 cb e5 a2 5d db 36 cc 9e 3d 97 af cf 99 4b 28 14 46 ca 28 d0 69 9a 16 cf ee 7e fc 89 a7 79 f5 d5 37 31 5d 26 5e 8f 17 af 37 1a 33 e9 f1 78 f0 7a bd 14 15 79 29 29 29 a1 a6 a6 06 db 4e 76 cf 2b 8a c2 ce dd 7b d8 b3 67 2f 2e 97 89 cb e5 ca 99 8c 23 1a ab f7 97 a0 92 14 4b 6a bd 36 6c dc c4 ad b7 dd c3 81 03 07 70 bb 1b 62 50 73 ad b5 5f bf be fc f9 4f 0f 53 53 53 c3 ee 3d 7b a9 ad a9 a5 bc bc 2c 1e cf 57 af 9a 9a 1a 1e fc fd 23 b1 b8 54 91 91 9d fa f6 e9 43 c7 8e 1d 89 44 22 84 c2 d1 98 58 81 e0 ea ab be ce f9 09 3d b5 57 ac 58 c5 a6 4d 9b d0 75 23 d3 73 44 0e 18 cc 17 00 0b b5 04 3a 72 40 d0 91 23 47 47 bd a4 74 4a ef 1c cb aa 87 ac 7c ac 94 42 08 3c b1 6c 5e 29 65 bc f6 a0
                                                                                                                                                                              Data Ascii: RxQg_v}~?V$]6=K(F(i~y71]&^73xzy)))Nv+{g/.#Kj6lpbPs_OSSS={,W#TCD"X=WXMu#sD:r@#GGtJ|B<l^)e
                                                                                                                                                                              2024-10-30 16:52:40 UTC8000INData Raw: 83 3c b9 a9 61 0d f1 1a d4 0d 31 80 c9 f0 d7 30 2d 1f 08 cc 95 13 53 10 ca 35 16 db 27 0f 0f 14 1d 89 40 d8 da c7 c0 71 0d 3b 72 74 94 48 08 41 df 3e bd e3 b7 6f 55 55 59 bb f6 cb ac 31 78 92 68 52 48 ff 6e 02 24 e8 06 2c 5c 2f a9 f5 81 c7 d5 08 74 5a b0 61 8f 64 44 7f 81 65 41 b1 27 0a 92 52 66 8f 1f b2 a5 cd 81 83 07 e3 03 8b 94 36 1e 8f 07 c3 d0 93 ea d2 1d 0b 52 14 85 9a 9a 5a 66 ce 9c cd a8 91 23 e2 d3 c7 8f 1d 43 51 51 11 75 75 b5 8c 1c 31 9c f2 f2 b2 f8 7b 0b 16 2e 66 d7 ae dd 59 ad b7 f9 c8 e7 f3 f1 c6 1b 6f 21 85 42 91 c7 8b c7 eb c1 b6 2d b6 6d db ce da b5 eb 98 bf 70 11 1b 37 6e 02 a0 b8 b8 a8 d9 d7 9b 22 04 8f 3f f1 14 17 5c 70 5e 3c ce 50 55 55 6e ba e1 3a 66 cc 98 8d a6 eb c7 e6 97 2d 05 02 65 9c 63 1a 2c 7d 69 96 c0 7c 7c 95 d0 24 bf 5f be
                                                                                                                                                                              Data Ascii: <a10-S5'@q;rtHA>oUUY1xhRHn$,\/tZadDeA'Rf6RZf#CQQuu1{.fYo!B-mp7n"?\p^<PUUn:f-ec,}i||$_
                                                                                                                                                                              2024-10-30 16:52:40 UTC8000INData Raw: 70 d7 9d b7 d1 b9 53 47 7e f4 c3 ef 32 6e cc 68 2a 2a 2a 38 71 fc 18 7e f1 b3 fb 39 ff bc b3 f9 c5 cf ef a7 c8 eb 8d 5b 81 84 10 68 9a 4a 20 18 44 d3 35 ca ca 4a f9 e8 a3 29 6c db be 2d 56 c8 db c5 1d b7 de c4 cf 7f 76 3f 77 dd 79 1b 11 cb 42 08 85 ab ae fc 3a aa aa e2 f3 f9 38 6d f2 d7 78 f0 b7 bf e4 de 6f df 85 69 18 58 96 95 04 41 67 9c 7e 2a 3f bc ef bb 9c 78 e2 d8 f8 76 c3 e1 30 fd fa f7 65 cd 9a b5 18 ba 41 fb 76 6d b1 2c 0b 97 cb 45 49 51 11 1d da b7 63 f4 a8 91 68 9a 46 24 12 41 d7 75 74 5d a7 a8 c8 4b ef de 3d e3 60 58 bf ad 3e 7d 7a 53 5c 54 14 6d 5b 18 6b 53 58 5b 57 87 cf ef 67 e4 c8 e3 09 06 83 44 22 11 3a 77 ee 4c 97 2e 5d d8 b5 6b 37 1e b7 9b df fd fe 11 7e f9 ab df f1 fb 87 ff c4 59 67 9e c6 80 7e 7d 31 4d 93 5b 6f bd 91 9e 3d 7b 44 97 0b
                                                                                                                                                                              Data Ascii: pSG~2nh***8q~9[hJ D5J)l-Vv?wyB:8mxoiXAg~*?xv0eAvm,EIQchF$Aut]K=`X>}zS\Tm[kSX[WgD":wL.]k7~Yg~}1M[o={D
                                                                                                                                                                              2024-10-30 16:52:40 UTC8000INData Raw: e4 49 74 eb d6 95 b1 63 46 f1 83 1f fe 84 df 3c f8 30 fb f7 1f 40 4b c9 fa ad ef a1 1c 0c 06 a9 ab f3 31 64 c8 20 84 10 d4 d4 d5 a1 08 81 61 9a 68 9a 46 ef de bd 38 6e e8 10 d6 6d d8 88 ae 45 d7 a1 a9 1a db b7 ef a4 aa b2 9a 7e 7d 7b 53 e7 f3 71 fc f1 c3 d8 be 7d 07 07 0f 56 d0 a9 53 47 54 4d e3 8d 37 df 61 d8 d0 21 18 86 1e 47 2a 21 62 d9 b6 8a 8a a2 36 50 55 34 86 32 0a 39 8a 92 d2 a1 c4 96 78 dc 6e de 7e fb 5d ce 38 e3 34 14 45 e1 92 8b 2f e0 c3 8f 3e c1 48 28 af 92 1d 02 9b 9a 20 92 40 7d a2 c1 15 2c 52 ba e7 8a 26 41 60 ee e0 42 99 cf f4 fa 2c ec bc d2 a6 f3 44 09 99 05 e2 b2 a2 53 ea 97 54 e6 86 bc a6 7e a7 1b 9d 5f 34 93 1f 13 bb dc 50 70 12 92 c8 b5 2f cd b8 87 09 64 cc e5 dc ba 37 42 c7 35 ec c8 91 23 47 8d c0 e0 c1 83 07 f9 c3 23 7f a5 4b 97 4e
                                                                                                                                                                              Data Ascii: ItcF<0@K1d ahF8nmE~}{Sq}VSGTM7a!G*!b6PU429xn~]84E/>H( @},R&A`B,DST~_4Pp/d7B5#G#KN
                                                                                                                                                                              2024-10-30 16:52:40 UTC754OUTGET /wp-content/themes/shield-apps2/js/slick.min.js?ver=6.6.2 HTTP/1.1
                                                                                                                                                                              Host: shieldapps.com
                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                              Accept: */*
                                                                                                                                                                              Sec-Fetch-Site: same-origin
                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                              Sec-Fetch-Dest: script
                                                                                                                                                                              Referer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                              2024-10-30 16:52:40 UTC8192INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:52:40 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Last-Modified: Thu, 15 Aug 2019 07:49:20 GMT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Content-Encoding: gzip
                                                                                                                                                                              host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                                                                                                                                                                              X-Endurance-Cache-Level: 0
                                                                                                                                                                              X-nginx-cache: WordPress
                                                                                                                                                                              Content-Length: 13417
                                                                                                                                                                              Content-Type: application/javascript
                                                                                                                                                                              w-{
                                                                                                                                                                              +W%byRh\'}]~w"XDR_;3t"g7_~3?8IG#y1K`?%v`Q#?PB7m*ICUe3@ia:-/^BqWEsi*V|%?CMW147{*BFVAe```s}(A,`8#gxg!L"8}5%Pn}uxABZx;AV9dfR
                                                                                                                                                                              AY#})roA3;=PVPWZ;9i*;7m~b1"Eso_&i!fHK* LK6Yy|T%(8r--DxOCUV9{z6%~SApBi(7302V->kiB`+]<uz&"Rc5=9k*\pM\!B%9~\t@AGl`}MYCp%}eBZ>$/sc+&BV.~U>oCh.MmB54]\Bit0 ?'?cRYQ?o?#"U> 3wWT_\^+0w^:Q_,~_c,1iTU!w_SMb6.0Wr:zx55vv)z6m>]4e{|r5 9^gW-BU;|i}cvgbmZS)EaU[XS
                                                                                                                                                                              P:f(J6`Mz({U9'_
                                                                                                                                                                              `Ms$&FfeR(R2oKU7wWj[Pw^M`z\\}cD:f!'`<.2VD>\dC+n;Yumnz:`7' DRV
                                                                                                                                                                              F7vhc/;,-m'*Lt*IlqCQ<l:dg ;Ou/Vw?YY)g`C(t.r`@5lr6m9t@wVI5nM,`\7
                                                                                                                                                                              }jv]m;YuHU= cY)+]oKyw\l0J5`J\Lx<`+]*Q-g+!*S8L(6f&0HA4'"E3m|Yq\s2ATbyEH@wq@(bns&$beRJ3~KFAC4-rBW)j!qUj8-d@d.4S3R
                                                                                                                                                                              C_nXpw.!ZKV:l0&dih!$~
                                                                                                                                                                              `gMR"fp`9SKtPrIB3Y+Z6U5Zx2&3l*wdM;JAq_UC5zQilmf-8p&(q3V`M|J'Gw0:g`Fsdz+G\ZxH,6fGw$+G2m5i-Hp%*3=tPNn2bfHi+Mxr(8eAyO(j
                                                                                                                                                                              Bq6E9YG/1|,a.91v\/8L{N%E(7`TeZiXCot$QUD?*o!Z2="[MLE'q_2
                                                                                                                                                                              eCP#PmI&0`<.R?B,
                                                                                                                                                                              GU yy
                                                                                                                                                                              z2&zCdd&$*<h^_`azUt30=qiCQM"tS4;7*>!1ymflC
                                                                                                                                                                              zpPVrv!OJ]fn8dQ*q2/
                                                                                                                                                                              J]xuy0cYbGE*i&"!5s|WZC/oMTx-+Dz\<'d:rw'_}_$8d.^iImFnk/5,lm[%"g#d{?~n,2Sw=rZB,B@:XB+}#Tm8
                                                                                                                                                                              q:trzv,RYH'=niX@1X+J+0(a[=jvZ`4P_+sNm. nb*U:/|8w:68x</$ER9$3~O8<:2V->,gy:4/_{QgBA maK9sCw)7KG<Ei0-U,}sk](bn3,sX7K
                                                                                                                                                                              fBqIaD?X~ir%15$$dJ3~1zYK!l/<Ew05(;.4ji9!JKAMcvS@K19'NdWK2=*AK_{sMzA"h~s Gb*,pW+iOU/|Walv,mFKrF6ddzMf6f&bx@"7?y>DgJ42zoi pPm"C,=Kfi\2|'`L2sr//' D/Sm<NCp y4bjXYB!.dNWWdEzc6NG4E.%"&3URJP,>P4msBH_]ul\(1hRiP_iN}8u.JBhSi8<TmR9U8}}` mdaw'JE\,ke17B%269_pxH5YSz]K<Ly{"NiPh>Y:9QdnEY
                                                                                                                                                                              t_zi4x5H.YH+]4`&,Yg6'O&O#AA+E@nzM*PB3V~4
                                                                                                                                                                              j sQL
                                                                                                                                                                              12=KfNZI,:XX
                                                                                                                                                                              !eUnCB\1c@D
                                                                                                                                                                              vk_4Wk%4.9
                                                                                                                                                                              +fYc3+Ue<LRsvk8lBJhNO&({5
                                                                                                                                                                              LX'?=,S94:=>>BdobK9gI$5)sB8U]Pul<wH:
                                                                                                                                                                              8dr\m8vyC1hrCX; 70H0d1d%bE*0oi|VX*O-s m
                                                                                                                                                                              $Ri<)oX1o:-b*8V-A'm`UeO-71CD'*OO;/BtlI\]g~2u Rt3):=+gp.;xf,nx+qs'Kx
                                                                                                                                                                              >4Pi(Dw*>Y!N,DcBxH42^L-@ML>1~qfCf-<-BGNK%Ra.>W[aPw4+-QCYGi"c!j0/Mn6,$Gu].5,kHY=
                                                                                                                                                                              byH~p&a9)C]`/iUpABYl3iflp&1k6]OOB-:}!@2[>!Tu2U9B,2VYU1.\jHjf#VY)g(FDYUcf8^cB#D= gPGd}XhP^1hYH,;B@uLK8>^G@Qu/udQIYa{=l#;+z2fq9pLF"U5_sF0Ff]pLBb!>Mr._,!v+m3rDsi~XYB!Z!<VRL:B,,U 1MaR)
                                                                                                                                                                              so&QU.Yr3Z2=Hb'j=nZ&2qLiMA\\2nl;nWsY-r,+U2.t)D`h}2B=xfMJCJ.@U6@V|-Pq!cK)Gl%mOfdgwN<jQW7q E'qp\1g2A*q^B\4Bpw9JvwRvelxw^Ah)E<4de:"5&,yj5<b:b~Z+usOcw/dprsZD]=~>b4=v/
                                                                                                                                                                              "m&@R~LS.fVc*-yfC
                                                                                                                                                                              ;ytt:KW)l)Ry-Ox<cg]ivQF1Bt?}V8$}A5ocye,^9%LldBsf(G}u'!}PgJrBG%%y=OToF<P#~E4%6=N74$#w)/{H(xi?v:T9~;\BEBm|QR+CGO0Vc{Vw(
                                                                                                                                                                              #=HbI3`+]+^=RYB=<Mb,U:dGlub0`p!?wwhdgL&Yn07=a/E]5N'f]9hPCMjz>R?0Ei }LFsw'K+R+mF07DxnysnR;SIk:E.`B,1!:lT.%F=<}(v8T-xMGj/x3V?j9L?i
                                                                                                                                                                              2IqYGX52f.rfLlV\"m^3x3QR\L=}?_*c_XcfUZ+7ur&fd,pH7n`c}qtW5VZP{*qdn8YDp'm&*)Yio(uzd@eeY2I9uGKVXXUK{C(2s?O{BIg /LQwr:!zV\)YUXmMi9
                                                                                                                                                                              uWlfiN"}n6hOBtr;Y!b
                                                                                                                                                                              ^1vcBx@IF&2y{Ek?N9ad{P$:l`R|,.+-x&s{HNg;z{(
                                                                                                                                                                              sqf=W.St):w}lFTAf9Kr8-=K[w[jX"*\rgf*#J{]x
                                                                                                                                                                              g%`6$%Lk33#
                                                                                                                                                                              {RC=srZgn7BzH[YUa
                                                                                                                                                                              F$9X-Y\o^=/Wo
                                                                                                                                                                              c2}IKs0F&2vDu/bJ0v9L'Tk2?~@w_1<l>0!+r1vp#}'0d'CIB |1kulBEIs1Nf<aDhJqxM'17ddhX%e/rf")Y 9~9hJNq\ocF,m!h`5{ORNMc8=|"f3L}8}pw}R-r8hDH\azzJ\/0j/}mv'eB!'2><_E,Avg=*@l9acOz*hk|*PB+&:NLXl3if,2`?)#+WTZE%d1\/0@2s%8_qd8dQ}SwV)'W=X1j9L;(-.gU'ed}|S.r`aD|2Az{4;{&aZ-saR.e71Y!j1w&;,=6.<m3\;6'2qct|s%VNG`^Ce;\^1KSASx@.(n"Qf,Bs*A>TDZhPgNisDj93c_ag
                                                                                                                                                                              2024-10-30 16:52:40 UTC767OUTGET /wp-content/themes/shield-apps2/js/skip-link-focus-fix.js?ver=20151215 HTTP/1.1
                                                                                                                                                                              Host: shieldapps.com
                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                              Accept: */*
                                                                                                                                                                              Sec-Fetch-Site: same-origin
                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                              Sec-Fetch-Dest: script
                                                                                                                                                                              Referer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                              2024-10-30 16:52:41 UTC815INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:52:40 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Last-Modified: Thu, 15 Aug 2019 07:49:20 GMT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Content-Encoding: gzip
                                                                                                                                                                              host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                                                                                                                                                                              X-Endurance-Cache-Level: 0
                                                                                                                                                                              X-nginx-cache: WordPress
                                                                                                                                                                              Content-Length: 472
                                                                                                                                                                              Content-Type: application/javascript
                                                                                                                                                                              Qo@OaiMJsa@CTK$]t4;wi6=,Sv:0/ ICj:lR^}WlZ=q2Z!>@lii
                                                                                                                                                                              9@gLykFV\BeVt-[b;i-fbxJ
                                                                                                                                                                              k,-F U`I3$0iHx!K$zZ#jd]a@%DL}s4]pzt|7?Vw{!zd<ubjiF;,RU/|dG9+w7_g`yd<H`;.}?X3j=d< >.`]@!,,F->Qsf+K'o/dOSmn%[)Mp
                                                                                                                                                                              2024-10-30 16:52:41 UTC806OUTGET /wp-content/uploads/2016/03/box-anti-malware1.png HTTP/1.1
                                                                                                                                                                              Host: shieldapps.com
                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                              Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                              Sec-Fetch-Site: same-origin
                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                              Sec-Fetch-Dest: image
                                                                                                                                                                              Referer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                              2024-10-30 16:52:41 UTC8192INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:52:41 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Last-Modified: Thu, 08 Apr 2021 06:30:29 GMT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              Content-Length: 189587
                                                                                                                                                                              host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                                                                                                                                                                              X-Endurance-Cache-Level: 0
                                                                                                                                                                              X-nginx-cache: WordPress
                                                                                                                                                                              Content-Type: image/png
                                                                                                                                                                              PNG
                                                                                                                                                                              IHDR[ppHYs.#.#x?v
                                                                                                                                                                              OiCCPPhotoshop ICC profilexSgTS=BKKoR RB&*!J!QEEQ,
                                                                                                                                                                              !{k>H3Q5B.@
                                                                                                                                                                              $pd!s#~<<+"xM0B\t8K@zB@F&S`cbP-`'{[! eDh;VEX0fK9-0IWfH0Q){`##xFW<+*x<$9E[-qWW.(I+6aa@.y24x6_-"bbp@t~,/;m%h^uf@Wp~<<EJB[aW}g_Wl~<$2]GLbG"IbX*QqD2"B)%d,>5j>{-]cK'Xto(hw?G%fIq^D$.T?D*A,`6B$BB
                                                                                                                                                                              dr`)B(*`/@4Qhp.U=pa(Aa!bX#!H$ Q"K5H1RT UH=r9\F;2G1Q=C7Fdt1r=6h>C03l0.B8,c"VcwE6wB aAHXLXNH $47Q'"K&b21XH,#/{C7$C2'ITFnR#,4H#dk9, +3![
                                                                                                                                                                              b@qS(RjJ4e2AURT5ZBRQ4u9IKhhitNWGwg(gwLT071oUX**|
                                                                                                                                                                              J&*/TUUT^S}FU3SUPSSg;goT?~YYLOCQ_ cx,!ku5&|v*=9C3J3WRf?qtN(~))4L1e\kXHQG6EYAJ'\'GgSS
                                                                                                                                                                              M=:.kDwn^Loy}/TmGX$<5qo</QC]@Caa<FFi\$mm&&!&KMMRM);L;L5=12`ZxZ,eIZYnZ9YXUZ]F%NNgm}agbg}}=Z~sr:V:?}/gX3)iSGggsK.>.Jtq]z6i4)Y3sCQ?0k~OCOg#/c/Wwa>>r><72Y_7Oo_C#dz%gA[z|!?:eAAA!h!iP~aa~'W?pX15wCsDDDg1O9-J5*>.j<74?.fYXXIlK9.*6nl{/]py.,:@LN8A*%w%
                                                                                                                                                                              yg"/6C\*NH*Mz5y$3,'LL:v m2=:1qB!Mggfven/kY-
                                                                                                                                                                              BTZ(*geWf9+7KW-Xj9<qy
                                                                                                                                                                              +V<*mOW~&zMk^kU
                                                                                                                                                                              }]OX/Ya>(xodff-[nVE/(C<e;?TTTT6an{4[>UUMfeI?m]Nmq#=TR+Gw-6U#pDy:v{vg/jBFS[b[O>zG4<YyJTig}~.`{cjotE;;\tWW:_mt<O\kz{f7y9=zo~r'w'O_@AC?[jwGC8>99?rCd&/~m|x31^VwwO| (hSc3- cHRMz%u0`:o_FIDATxu\jvINB)QZ5nG)4M:>W;k a!wgg99GH)Q(#1!BkV$$
                                                                                                                                                                              Am]hvmau-P((J~63O6V4T
                                                                                                                                                                              U($}^T
                                                                                                                                                                              ]a]P(C+4mN<oh2bPgg'hN:;;I$aA43|{5Wo3?zxB;@+u@eV5ggLP(*wi4mbmRVbR)mi`<X5(q<!e%@'~0*hJb=~?\l+
                                                                                                                                                                              %
                                                                                                                                                                              FQb!D"18Lq4)0
                                                                                                                                                                              J;T4x
                                                                                                                                                                              m,D"N(qtt]-NJRg/{#X4GIGweGv{BP"P(h60L&gR]]Mcc#mmmi<C-me(,,eJV
                                                                                                                                                                              ZZ;p\00p(z {e;h']JGw~S*BDPPgdNmiiW]]-vAmm-ilV0xaD"v$,Z5PUSO<@ha`Y&L4{~?z-,z5*
                                                                                                                                                                              %
                                                                                                                                                                              `@0N4Tm}vH)u?MkYVyG `BtlVq6[6c;Xh@a7RKWK]VwNGw;z*
                                                                                                                                                                              %
                                                                                                                                                                              _Dt]X:>j-[(//t:,[4M#
                                                                                                                                                                              2<fVvTViN}9u~a*]Tss,eBq~R"P9hcGqqcuE@uv)p$DfGe-X7a}h,Rw08{.=Q~%tW:zj*G J!(4/>v[&i\,qo0?SPOt`@0m%IG6tt~:QWP"P(~%_mO
                                                                                                                                                                              yyIU.^EUMd
                                                                                                                                                                              M2-]H({)Fe=[XMO:
                                                                                                                                                                              ABiQi^8Gl7M}=@'x2zm\45
                                                                                                                                                                              q0]df/{'g_U/I:feQ_T(*wNB~F[\v-;v Lv4)~9JMhtv6l&WCJ-08LoP
                                                                                                                                                                              J?L8{g+vMyo4v&(J
                                                                                                                                                                              h60=nua---3MHP8"]OPek$Je{;,BHg/q{6IO5+*L6m{
                                                                                                                                                                              %
                                                                                                                                                                              a\H$qcxUDH+6l^IJ]4^T&X{BS]6%N,Veg`WFBDP8`%B+[ZZ[ky-_p8IG4!Wd
                                                                                                                                                                              ?F
                                                                                                                                                                              U[!*d/3wGO:tth?KS(T(</<S#V\6{6X M-,^-oTM|B)^{6Ntt}<vTtJ
                                                                                                                                                                              &-b&/_Nyy9t`0@Bt rQmlqC?(}C==]8r/IGGn/t^J
                                                                                                                                                                              ~Qe}-L~tUKPYUDc)Voz::c-\snWuQ(>8`nqIG^MJG7:ZP"P8-+X|yp%446i
                                                                                                                                                                              g-lD2B{v#YDh:i"%wMd]V3d/la#=btvBBqx84d.[jUhTUWLjl{GB2B9DCGds\"=q\'HEzE?,Q<"Q%{F.YQ'D.
                                                                                                                                                                              %
                                                                                                                                                                              E?X5M_ys.`6QFm}3q\C5t
                                                                                                                                                                              ><
                                                                                                                                                                              vGhi0!+nM4eg :a"7+(I<_=FsnYF('"J]6=v[lc%~LW:SZA`_$ig8{>Slj#N26/cJaZ f aNz@)%2+h~$^eohegaW'tIc,:Yytq].JTZZ@`^dt?6T=ABsg\k,|}haY?@a"~wSWdvM* QF_D=E:.k+H.5-KLUQqp^e8VN=%vABq43`aY=xxWhiyOj=44MC7>ii5{^ZEwt]\QDXJ9']f(vbU(T(\B+[y/e1Z n#N&hhtE&zls]<e=`f/y]evzmuv_NW]DP8ly:{q:"{N]Z{\twJ;-(fjV3
                                                                                                                                                                              {w?XAO:c=~2T(T(M|.~{N?5]akPd*-:\'[]ii]S-QJy&CO:K?^QDP8%<M1~uv;58^Ba"0Z-]iZ;KJK+_%l:)+?W"P(lEmb4D4Z
                                                                                                                                                                              `<V~eo]:n?;QB 9if3*wX{brOM{cWZs]`zDnx+>]t8n7Stt,:^bT"P(9G...~TF*>PadMT-c=nWL6;[UK+>K>t{z+FE%
                                                                                                                                                                              ETe
                                                                                                                                                                              k"wK+=fbwTiict;qji
                                                                                                                                                                              d MvJaS]Tg/M1U"PN'EJKC,DtC,4Mn~rC9F9
                                                                                                                                                                              zjA_qOjt}ywwJK+
                                                                                                                                                                              K'fT_XXDP8>`d#z~Cg3;_=qY0wLN%7pgh/tU]#HKA"}fK{a"mx/=
                                                                                                                                                                              ?UZZ^
                                                                                                                                                                              !\J
                                                                                                                                                                              }a"_05-NQ?=?g(,@hF$Y:JeUU[z>)]xq/Mg_v4lt%='Qx*
                                                                                                                                                                              {~BM;[^c.X*[JncO*7
                                                                                                                                                                              /tHSGt$9Ez.1KX*2{Z-+5KtWZoN_%
                                                                                                                                                                              E?FwCgc*"naF0sFbN**/^ L547MS`Ins(/o]T=yadu]^j{V(T(?Yn,TClxzy0@ @z6vv2m7.)\iBItH[9)Gb5f]x{)hyWj{Oii%
                                                                                                                                                                              %
                                                                                                                                                                              E? ^EVWCgj<K73y#N_BGA.N}8J;LaDgFr.wq
                                                                                                                                                                              S65y(C3TA:jKKwMvmo^>@**yCcXF0]QqARLDhnt
                                                                                                                                                                              :k{S.
                                                                                                                                                                              X]t*<G{V]QVp[#M
                                                                                                                                                                              2024-10-30 16:52:41 UTC746OUTGET /wp-includes/js/wp-emoji-release.min.js?ver=6.6.2 HTTP/1.1
                                                                                                                                                                              Host: shieldapps.com
                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                              Accept: */*
                                                                                                                                                                              Sec-Fetch-Site: same-origin
                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                              Sec-Fetch-Dest: script
                                                                                                                                                                              Referer: https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                              2024-10-30 16:52:41 UTC5709INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:52:41 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Last-Modified: Fri, 03 May 2024 17:44:40 GMT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Content-Encoding: gzip
                                                                                                                                                                              host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                                                                                                                                                                              X-Endurance-Cache-Level: 0
                                                                                                                                                                              X-nginx-cache: WordPress
                                                                                                                                                                              Content-Length: 5365
                                                                                                                                                                              Content-Type: application/javascript
                                                                                                                                                                              RisHLqivwdF*8,EA[c*e7IeVxCO)3("?e[Qy~5\3*+_H[]%-hnjm2hsv4z<R&*.k-7XL3A74!DqS_j*JY72%lP%Iu%9jhtf:1fU^`TU<}G6L?\g4rE4KuUVd%CyN(]f9ot|&yc8)?Dl3mob-%y]nXl~\I0uvE!ZK&7iLH+3MRS{Y*4KFNH^/|^/XEf3h5GF3#zuEg*?-FLe0$/U9sO[YkBGq9p$SjY_7fe`=Q3+XYRh,udBkbTF6IZ9r"`b$ S# )DGb[1v
                                                                                                                                                                              Xh0.+MM.jRZgyA7~%S|)<wv"8b8VVa
                                                                                                                                                                              HoWW7|j6bHY%LfCp
                                                                                                                                                                              YRbJ"9LU^efybY&=5krITT[/{?]V)TJNfa^T60]yI!C%db)tjL
                                                                                                                                                                              fXhMRf+dmVb+ei8B?AKz{@JWz`
                                                                                                                                                                              *65a,W6bKCvv!!s+XmAL$0~{]aOcbc]U1v|iFX\qAXU-kE{Bdvdc[KH2k=;;4J>Kciw;YIz&',Y2DLVl4VkcOW7<BB{!ai~:ci
                                                                                                                                                                              <-0}j9|}7kE1>]S5P?T#v5j|5?q'm5s|[0N;}2cu6FzF;TnnJZJc8+<9aFtdZqV<Sm>|dptgc2wx,cmO>c|#}vxh(?o5}
                                                                                                                                                                              qoT%3i>8uhukPg)iQS.C=19w#=`Lc*=:eJ?[ptu'O}N7vzQ z/7AXWwKLNC+Xjzec.}e,pZ}D=nnQG#c,"vr?RoU?0QujR nl?B;|lh")I~8L2!<CdK2.[f9)nWQCiGBh(M.dFtqTR<mDCqx?"2DIDR@:44C"z!2M*1gke7H{sff'S(YJyvz(
                                                                                                                                                                              r:HnZnar`!} YhkwN6KIK7h=r&x">d.6.H-v<| fn7>SEp*[O7$IuekGFtKmWCpxyq4t'C(chcP"dC)0{>Of{G1I?mf`P"0O]D9C)J``mH8GSD6TlQvFMQ9xIQ(]QJt<Y@V?D1;G&H?V-v
                                                                                                                                                                              l! #FDbH1W<l&ai#L|`0ED4i@1">R kUR,L$J0d\1cW:]1Fib!H#Q0{2=?aRG6lF%=W(0SO`<yTq:tK&/Y8Bfgzezt{=PS6\!!2G#hhU!RWGu41Vr\T}pD@:P<)@h?x">2y1bDA,RK4BTQ*!{>n_GS\htj+8,|jnWr?Hvnwp8>HCs9!JFA"8rKvX~>iGGL!9ZI:Zf=-v}-uVJ{j;9+d_ pN^GpL==wEuvBoutVkKEw?l>`8c]'u>.}FAgA!_j<Zo+:fW;==C)vS`'[u[zN:&9_L:[|T[/&!#!ezqq<Xj"F1b3@ep,<RWu1VF=9.#DY(# r~80Q7$FDR7zv<D|GEG!WGq&@9W!"UVt/pw!J[@88jq#ma [TRUNCATED]
                                                                                                                                                                              [lEJ6}01V[F)h/fQ'I`0!i/E^|xS/;G~_4~_paOB:h?M+qQ4dDF%aN&iF>m3*+X8N(>iDXsRUiZMV0/*yV8;WA[H:xovKD=r$t#gYq':1aiiT30BM Kq(P>=9??EZpOIy'?^+|-m7Hbxv.],s1R2ct&K@d[?#DrDq|DFt=5"2,4uM>H3("X,12@T;xq!@7x0o3<o1-V;d>Wcy>.zu:1f0D<C(i|AycGB.DB%|#J7QA'qd7(b<E+@a,y[&+[/5
                                                                                                                                                                              *Nrnjj@Y_mkuSo-Is(y],Z^f9{_2ET5,KInSR8SQ|[NLiOGn++9/\3$SBScYC/Tk$ Go{@r~Pw7yN';Opb2Cw\f"7pm|\MhYPB%)4I#"vq&Zv5K,VXsRAkSi4SKd900VP8E+ |-WH`WR+mD?<iw2$I
                                                                                                                                                                              7p]-r425VdOmr5}az`/ i\#g+'a\-KZ]^9F^1b&I


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                              16192.168.2.449775142.250.186.1104433412C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:52:43 UTC1513OUTPOST /g/collect?v=2&tid=G-V0DL3XBK82&gtm=45Pe4as0v896163840za200zb813187311&_p=1730307159123&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101533421~101823848~101878899~101878944~101925629&gdid=dZTNiMT&cid=1954789622.1730307161&ul=en-us&sr=1280x1024&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_s=1&sid=1730307161&sct=1&seg=0&dl=https%3A%2F%2Fshieldapps.com%2Fpost-install%2Fpc-privacy-shield-successful-installation%2F%3FlnT%3DPostInstall%26ipA%3D173.254.250.78%26mcA%3D2E65165C89BF%26osN%3DMicrosoft%2BWindows%2B10%2BPro%26osV%3D10.0.19045.0%26lng%3Den%26bdV%3D4.9.8%26scR%3D%26lcA%3D%26lcE%3D&dt=PC%20Privacy%20Shield%20-%20successful%20installation%20%7C%20ShieldApps&en=page_view&_fv=1&_ss=1&_ee=1&tfd=8209 HTTP/1.1
                                                                                                                                                                              Host: analytics.google.com
                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                              Content-Length: 0
                                                                                                                                                                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                              Accept: */*
                                                                                                                                                                              Origin: https://shieldapps.com
                                                                                                                                                                              X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX
                                                                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                                                                              Referer: https://shieldapps.com/
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                              2024-10-30 16:52:43 UTC845INHTTP/1.1 204 No Content
                                                                                                                                                                              Access-Control-Allow-Origin: https://shieldapps.com
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:52:43 GMT
                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                              Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                              Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                              Access-Control-Allow-Credentials: true
                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                              Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                              Content-Security-Policy-Report-Only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
                                                                                                                                                                              Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to=coop_reporting
                                                                                                                                                                              Report-To: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
                                                                                                                                                                              Server: Golfe2
                                                                                                                                                                              Content-Length: 0
                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                              Connection: close


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                              17192.168.2.449771142.250.185.1004433412C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:52:43 UTC1018OUTPOST /ccm/collect?en=page_view&dl=https%3A%2F%2Fshieldapps.com%2Fpost-install%2Fpc-privacy-shield-successful-installation%2F&scrsrc=www.googletagmanager.com&frm=0&rnd=1214167140.1730307161&auid=1439299319.1730307161&npa=0&gtm=45He4as0v813187311za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533421~101823848~101878899~101878944~101925629&tft=1730307161294&tfd=7977&apve=1 HTTP/1.1
                                                                                                                                                                              Host: www.google.com
                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                              Content-Length: 0
                                                                                                                                                                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                              Accept: */*
                                                                                                                                                                              Origin: https://shieldapps.com
                                                                                                                                                                              X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX
                                                                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                                                                              Referer: https://shieldapps.com/
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                              2024-10-30 16:52:43 UTC467INHTTP/1.1 200 OK
                                                                                                                                                                              Vary: Origin
                                                                                                                                                                              Vary: X-Origin
                                                                                                                                                                              Vary: Referer
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:52:43 GMT
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Server: scaffolding on HTTPServer2
                                                                                                                                                                              Content-Length: 0
                                                                                                                                                                              X-XSS-Protection: 0
                                                                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                              Access-Control-Allow-Origin: https://shieldapps.com
                                                                                                                                                                              Access-Control-Expose-Headers: vary,vary,vary,date,server,content-length
                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                              Connection: close


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                              18192.168.2.449776142.250.186.1624433412C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:52:43 UTC1001OUTGET /td/ga/rul?tid=G-V0DL3XBK82&gacid=1954789622.1730307161&gtm=45Pe4as0v896163840za200zb813187311&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101533421~101823848~101878899~101878944~101925629&z=325251096 HTTP/1.1
                                                                                                                                                                              Host: td.doubleclick.net
                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                              Upgrade-Insecure-Requests: 1
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX
                                                                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                                                                              Sec-Fetch-Mode: navigate
                                                                                                                                                                              Sec-Fetch-Dest: iframe
                                                                                                                                                                              Referer: https://shieldapps.com/
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                              2024-10-30 16:52:43 UTC785INHTTP/1.1 200 OK
                                                                                                                                                                              P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
                                                                                                                                                                              Timing-Allow-Origin: *
                                                                                                                                                                              Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:52:43 GMT
                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                              Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                              Cache-Control: no-cache, must-revalidate
                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                              Server: cafe
                                                                                                                                                                              X-XSS-Protection: 0
                                                                                                                                                                              Set-Cookie: test_cookie=CheckForPermission; expires=Wed, 30-Oct-2024 17:07:43 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                              Accept-Ranges: none
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              2024-10-30 16:52:43 UTC18INData Raw: 64 0d 0a 3c 68 74 6d 6c 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                                              Data Ascii: d<html></html>
                                                                                                                                                                              2024-10-30 16:52:43 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                              Data Ascii: 0


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                              19192.168.2.44977474.125.133.1544433412C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:52:43 UTC863OUTPOST /g/collect?v=2&tid=G-V0DL3XBK82&cid=1954789622.1730307161&gtm=45Pe4as0v896163840za200zb813187311&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=101533421~101823848~101878899~101878944~101925629 HTTP/1.1
                                                                                                                                                                              Host: stats.g.doubleclick.net
                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                              Content-Length: 0
                                                                                                                                                                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                              Accept: */*
                                                                                                                                                                              Origin: https://shieldapps.com
                                                                                                                                                                              X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX
                                                                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                                                                              Referer: https://shieldapps.com/
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                              2024-10-30 16:52:43 UTC845INHTTP/1.1 204 No Content
                                                                                                                                                                              Access-Control-Allow-Origin: https://shieldapps.com
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:52:43 GMT
                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                              Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                              Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                              Access-Control-Allow-Credentials: true
                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                              Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                              Content-Security-Policy-Report-Only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
                                                                                                                                                                              Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to=coop_reporting
                                                                                                                                                                              Report-To: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
                                                                                                                                                                              Server: Golfe2
                                                                                                                                                                              Content-Length: 0
                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                              Connection: close


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                              20192.168.2.449777149.210.194.2534435812C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:52:44 UTC173OUTPOST /pcprivshield/pcprivshield_2.php HTTP/1.1
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Host: pps.shieldappsverify.com
                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                              Expect: 100-continue
                                                                                                                                                                              2024-10-30 16:52:44 UTC25INHTTP/1.1 100 Continue
                                                                                                                                                                              2024-10-30 16:52:44 UTC90OUTData Raw: 6c 61 62 65 6c 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 3d 31 26 6c 61 62 65 6c 69 64 3d 36 26 6d 61 72 6b 3d 30 26 6c 61 6e 67 3d 65 6e 26 6b 65 79 3d 26 6d 61 63 3d 32 45 36 35 31 36 35 43 38 39 42 46 26 61 70 70 76 65 72 3d 34 2e 39 2e 38 26 70 75 73 68 70 6f 70 3d 31
                                                                                                                                                                              Data Ascii: labelconfiguration=1&labelid=6&mark=0&lang=en&key=&mac=2E65165C89BF&appver=4.9.8&pushpop=1
                                                                                                                                                                              2024-10-30 16:52:45 UTC1160INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:52:44 GMT
                                                                                                                                                                              Server: Apache/2.4.38 (Debian)
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Content-Length: 969
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                              {"id":"1011","locale":"en","buylink":"https:\/\/shieldapps.com\/external\/buy-pc-privacy-shield.php","aboutus":"https:\/\/shieldapps.com\/products\/pc-privacy-shield\/","support":"https:\/\/shieldapps.com\/supportmain\/pc-privacy-shield-support\/","linkafterinstall":"https:\/\/shieldapps.com\/post-install\/pc-privacy-shield-successful-installation\/","linkafteruninstall":"https:\/\/shieldapps.com\/post-uninstall\/pc-privacy-shield-is-now-completely-removed\/","buyrenew":"https:\/\/shieldapps.com\/external\/buy-pc-privacy-shield.php","bannerhometrial":"","bannerhomelinktrial":"","bannerhomepremium":"","bannerhomelinkpremium":"","bannerfix":"","bannerlinkfix":"","splashtime":"17:00:00","splashpopuptime":"17:00:00","showsplash":true,"tipOfDayLink":"","forceupdate":false,"pushupdate":false,"phonenum":"","forcepopupguid":null,"forcepopupimage":null,"forcepopuplink":null,"forcepopuptime":null,"willexpireindays":"KEY_MALFORMED","trialdays":7,"trialenabled":true}


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              21192.168.2.449779173.222.162.32443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:52:46 UTC2172OUTPOST /threshold/xls.aspx HTTP/1.1
                                                                                                                                                                              Origin: https://www.bing.com
                                                                                                                                                                              Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
                                                                                                                                                                              Accept: */*
                                                                                                                                                                              Accept-Language: en-CH
                                                                                                                                                                              Content-type: text/xml
                                                                                                                                                                              X-Agent-DeviceId: 01000A4109000CC6
                                                                                                                                                                              X-BM-CBT: 1696420817
                                                                                                                                                                              X-BM-DateFormat: dd/MM/yyyy
                                                                                                                                                                              X-BM-DeviceDimensions: 784x984
                                                                                                                                                                              X-BM-DeviceDimensionsLogical: 784x984
                                                                                                                                                                              X-BM-DeviceScale: 100
                                                                                                                                                                              X-BM-DTZ: 60
                                                                                                                                                                              X-BM-Market: CH
                                                                                                                                                                              X-BM-Theme: 000000;0078d7
                                                                                                                                                                              X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E
                                                                                                                                                                              X-Device-ClientSession: 0912CF9094994CFA88DE52C6FB19D4E1
                                                                                                                                                                              X-Device-isOptin: false
                                                                                                                                                                              X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}
                                                                                                                                                                              X-Device-OSSKU: 48
                                                                                                                                                                              X-Device-Touch: false
                                                                                                                                                                              X-DeviceID: 01000A4109000CC6
                                                                                                                                                                              X-MSEdge-ExternalExp: bfbwsbrs0830tf,d-thshldspcl40,msbdsborgv2co,msbwdsbi920t1,spofglclicksh-c2,webtophit0r_t,wsbmsaqfuxtc,wsbqfasmsall_t,wsbqfminiserp400,wsbref-t
                                                                                                                                                                              X-MSEdge-ExternalExpType: JointCoord
                                                                                                                                                                              X-PositionerType: Desktop
                                                                                                                                                                              X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI
                                                                                                                                                                              X-Search-CortanaAvailableCapabilities: None
                                                                                                                                                                              X-Search-SafeSearch: Moderate
                                                                                                                                                                              X-Search-TimeZone: Bias=0; DaylightBias=-60; TimeZoneKeyName=GMT Standard Time
                                                                                                                                                                              X-UserAgeClass: Unknown
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                                                                                                                                              Host: www.bing.com
                                                                                                                                                                              Content-Length: 2233
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Cookie: MUID=6666694284484FA1B35CCB433D42E997; _SS=SID=193A581F83766B4319784BBF829B6A16&CPID=1696420820117&AC=1&CPH=e5c79613&CBV=39942242; _EDGE_S=SID=193A581F83766B4319784BBF829B6A16; SRCHUID=V=2&GUID=BA43D82178364AEA9C1EE6C32BE93416&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231003; SRCHHPGUSR=SRCHLANG=en&LUT=1696420817741&IPMH=425591ef&IPMID=1696420817913&HV=1696417346
                                                                                                                                                                              2024-10-30 16:52:46 UTC2233OUTData Raw: 3c 43 6c 69 65 6e 74 49 6e 73 74 52 65 71 75 65 73 74 3e 3c 43 49 44 3e 36 36 36 36 36 39 34 32 38 34 34 38 34 46 41 31 42 33 35 43 43 42 34 33 33 44 34 32 45 39 39 37 3c 2f 43 49 44 3e 3c 45 76 65 6e 74 73 3e 3c 45 3e 3c 54 3e 45 76 65 6e 74 2e 43 6c 69 65 6e 74 49 6e 73 74 3c 2f 54 3e 3c 49 47 3e 38 39 32 46 41 30 37 38 38 36 34 31 34 42 44 46 38 45 45 31 37 36 34 41 35 39 46 46 33 39 43 36 3c 2f 49 47 3e 3c 44 3e 3c 21 5b 43 44 41 54 41 5b 7b 22 43 75 72 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 2f 41 53 2f 41 50 49 2f 57 69 6e 64 6f 77 73 43 6f 72 74 61 6e 61 50 61 6e 65 2f 56 32 2f 49 6e 69 74 22 2c 22 50 69 76 6f 74 22 3a 22 51 46 22 2c 22 54 22 3a 22 43 49 2e 42 6f 78 4d 6f 64 65 6c 22 2c 22 46 49 44 22 3a 22 43
                                                                                                                                                                              Data Ascii: <ClientInstRequest><CID>6666694284484FA1B35CCB433D42E997</CID><Events><E><T>Event.ClientInst</T><IG>892FA07886414BDF8EE1764A59FF39C6</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","T":"CI.BoxModel","FID":"C
                                                                                                                                                                              2024-10-30 16:52:47 UTC480INHTTP/1.1 204 No Content
                                                                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                              X-MSEdge-Ref: Ref A: 9AB8BAFDF10741E8B9DC1F322A9DE644 Ref B: LAX311000109017 Ref C: 2024-10-30T16:52:46Z
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:52:46 GMT
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Alt-Svc: h3=":443"; ma=93600
                                                                                                                                                                              X-CDN-TraceID: 0.2fa6dc17.1730307166.1884207d


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                              22192.168.2.449780149.210.194.2534435812C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:52:48 UTC97OUTGET /ext/cyber_whitelist.txt HTTP/1.1
                                                                                                                                                                              Host: pps.shieldappsverify.com
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              2024-10-30 16:52:48 UTC272INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:52:48 GMT
                                                                                                                                                                              Server: Apache/2.4.38 (Debian)
                                                                                                                                                                              Last-Modified: Wed, 26 Oct 2022 10:27:46 GMT
                                                                                                                                                                              ETag: "2bf-5ebed79c0ac80"
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              Content-Length: 703
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                              2024-10-30 16:52:48 UTC703INData Raw: 61 70 70 6c 65 2e 63 6f 6d 0a 62 61 6e 6b 6f 66 61 6d 65 72 69 63 61 2e 63 6f 6d 0a 42 6c 6f 67 73 70 6f 72 74 2e 63 6f 6d 0a 62 75 7a 7a 66 65 65 64 2e 63 6f 6d 0a 63 68 61 73 65 2e 63 6f 6d 0a 43 72 61 69 67 73 6c 69 73 74 2e 63 6f 6d 0a 64 72 6f 70 62 6f 78 2e 63 6f 6d 0a 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 0a 67 69 74 68 75 62 2e 63 6f 6d 0a 68 73 62 63 2e 63 6f 6d 0a 69 6e 73 74 61 67 72 61 6d 2e 63 6f 6d 0a 69 6e 74 75 69 74 2e 63 6f 6d 0a 6a 69 72 61 2e 63 6f 6d 0a 6c 69 6e 6b 65 64 69 6e 2e 63 6f 6d 0a 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 6e 65 74 66 6c 69 78 2e 63 6f 6d 0a 6f 66 66 69 63 65 2e 63 6f 6d 0a 70 61 79 70 61 6c 2e 63 6f 6d 0a 70 69 6e 74 65 72 65 73 74 2e 63 6f 6d 0a 70 6c 61 79 73 74 61 74 69 6f 6e 2e 63 6f 6d 0a 72 65 61 6c 74
                                                                                                                                                                              Data Ascii: apple.combankofamerica.comBlogsport.combuzzfeed.comchase.comCraigslist.comdropbox.comfacebook.comgithub.comhsbc.cominstagram.comintuit.comjira.comlinkedin.commicrosoft.comnetflix.comoffice.compaypal.compinterest.complaystation.comrealt


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                              23192.168.2.449781149.210.194.2534435812C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:52:53 UTC173OUTPOST /pcprivshield/pcprivshield_2.php HTTP/1.1
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Host: pps.shieldappsverify.com
                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                              Expect: 100-continue
                                                                                                                                                                              2024-10-30 16:52:53 UTC25INHTTP/1.1 100 Continue
                                                                                                                                                                              2024-10-30 16:52:53 UTC90OUTData Raw: 69 73 66 69 72 73 74 72 75 6e 3d 31 26 6d 61 63 3d 32 45 36 35 31 36 35 43 38 39 42 46 26 6c 61 62 65 6c 69 64 3d 36 26 74 61 67 75 69 64 3d 37 31 34 33 34 44 35 36 2d 31 35 34 38 2d 45 44 33 44 2d 41 45 45 36 2d 43 37 35 41 45 43 44 39 33 42 46 30 26 74 61 67 6d 69 64
                                                                                                                                                                              Data Ascii: isfirstrun=1&mac=2E65165C89BF&labelid=6&taguid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&tagmid
                                                                                                                                                                              2024-10-30 16:52:54 UTC194INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:52:53 GMT
                                                                                                                                                                              Server: Apache/2.4.38 (Debian)
                                                                                                                                                                              Content-Length: 27
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                              {"firsttimerun":1730307173}


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                              24192.168.2.44978320.109.210.53443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:52:57 UTC306OUTGET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=BmRxXm81SrA95px&MD=Rw14uCfM HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept: */*
                                                                                                                                                                              User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                                                                                                              Host: slscr.update.microsoft.com
                                                                                                                                                                              2024-10-30 16:52:57 UTC560INHTTP/1.1 200 OK
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                              Expires: -1
                                                                                                                                                                              Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                                                                                              ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                                                                                                                                                                              MS-CorrelationId: 021d6f96-5f85-4952-8d45-b432273cb17e
                                                                                                                                                                              MS-RequestId: 4b91b941-55db-4f72-bc74-42928b1fe593
                                                                                                                                                                              MS-CV: JOxwOaWqDEaTxsT6.0
                                                                                                                                                                              X-Microsoft-SLSClientCache: 1440
                                                                                                                                                                              Content-Disposition: attachment; filename=environment.cab
                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:52:56 GMT
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Content-Length: 30005
                                                                                                                                                                              2024-10-30 16:52:57 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e
                                                                                                                                                                              Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
                                                                                                                                                                              2024-10-30 16:52:57 UTC14181INData Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f
                                                                                                                                                                              Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              25192.168.2.44978613.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:52:57 UTC195OUTGET /rules/other-Win32-v19.bundle HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:52:58 UTC540INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:52:57 GMT
                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                              Content-Length: 218853
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Cache-Control: public
                                                                                                                                                                              Last-Modified: Mon, 28 Oct 2024 13:23:36 GMT
                                                                                                                                                                              ETag: "0x8DCF753BAA1B278"
                                                                                                                                                                              x-ms-request-id: 174434da-801e-0015-686a-29f97f000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165257Z-16849878b78j5kdg3dndgqw0vg0000000a30000000004498
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:52:58 UTC15844INData Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20
                                                                                                                                                                              Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
                                                                                                                                                                              2024-10-30 16:52:58 UTC16384INData Raw: 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e
                                                                                                                                                                              Data Ascii: "0" /> </L> <R> <V V="400" T="I32" /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" />
                                                                                                                                                                              2024-10-30 16:52:58 UTC16384INData Raw: 20 20 3c 53 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 53 54 3e 0d 0a 3c 2f 52 3e 0d 0a 3c 24 21 23 3e 31 30 38 32 30 76 33 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31
                                                                                                                                                                              Data Ascii: <ST> <S T="1" /> </ST></R><$!#>10820v3+<?xml version="1.0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-781
                                                                                                                                                                              2024-10-30 16:52:58 UTC16384INData Raw: 20 54 3d 22 55 36 34 22 20 49 3d 22 38 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 45 76 65 6e 74 73 5f 41 76 67 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 41 76 65 72 61 67 65 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20
                                                                                                                                                                              Data Ascii: T="U64" I="8" O="false" N="Events_Avg"> <S T="2" F="Average" /> </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32"
                                                                                                                                                                              2024-10-30 16:52:58 UTC16384INData Raw: 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f
                                                                                                                                                                              Data Ascii: "0" O="false" N="Count_CreateCard_ValidPersona_False"> <C> <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Co
                                                                                                                                                                              2024-10-30 16:52:58 UTC16384INData Raw: 20 20 20 20 3c 53 20 54 3d 22 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 39 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a
                                                                                                                                                                              Data Ascii: <S T="31" /> </C> </C> <C T="U32" I="19" O="false" N="Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C>
                                                                                                                                                                              2024-10-30 16:52:58 UTC16384INData Raw: 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63
                                                                                                                                                                              Data Ascii: <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMillisec
                                                                                                                                                                              2024-10-30 16:52:58 UTC16384INData Raw: 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e
                                                                                                                                                                              Data Ascii: R> <V V="0" T="I32" /> </R> </O> </F> </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIn
                                                                                                                                                                              2024-10-30 16:52:58 UTC16384INData Raw: 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 36 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                                                                                                              Data Ascii: R> </O> </F> <F T="6"> <O T="AND"> <L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L>
                                                                                                                                                                              2024-10-30 16:52:58 UTC16384INData Raw: 54 3d 22 36 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c
                                                                                                                                                                              Data Ascii: T="6"> <O T="EQ"> <L> <S T="2" F="HttpStatus" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              26192.168.2.44978813.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:52:59 UTC193OUTGET /rules/rule120402v21s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:52:59 UTC563INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:52:59 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 3788
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT
                                                                                                                                                                              ETag: "0x8DC582BAC2126A6"
                                                                                                                                                                              x-ms-request-id: 041e76a7-601e-005c-45ae-26f06f000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165259Z-16849878b78bjkl8dpep89pbgg00000006w0000000011ka3
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:52:59 UTC3788INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              27192.168.2.44978913.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:52:59 UTC192OUTGET /rules/rule120600v4s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:52:59 UTC584INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:52:59 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 2980
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT
                                                                                                                                                                              ETag: "0x8DC582BA80D96A1"
                                                                                                                                                                              x-ms-request-id: 834668b8-301e-0052-121c-2765d6000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165259Z-16849878b787bfsh7zgp804my40000000760000000001prr
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              X-Cache-Info: L1_T2
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:52:59 UTC2980INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              28192.168.2.44979113.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:52:59 UTC192OUTGET /rules/rule120608v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:52:59 UTC563INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:52:59 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 2160
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT
                                                                                                                                                                              ETag: "0x8DC582BA3B95D81"
                                                                                                                                                                              x-ms-request-id: cddcf92d-501e-008f-6a41-269054000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165259Z-17c5cb586f6lxnvg801rcb3n8n00000008dg0000000043k9
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:52:59 UTC2160INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              29192.168.2.44979013.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:52:59 UTC192OUTGET /rules/rule224902v2s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:52:59 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:52:59 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 450
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT
                                                                                                                                                                              ETag: "0x8DC582BD4C869AE"
                                                                                                                                                                              x-ms-request-id: 9a0790d9-e01e-0052-7cad-26d9df000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165259Z-16849878b787wpl5wqkt5731b400000009400000000066zm
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:52:59 UTC450INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              30192.168.2.44979213.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:52:59 UTC192OUTGET /rules/rule120609v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:52:59 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:52:59 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 408
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT
                                                                                                                                                                              ETag: "0x8DC582BB56D3AFB"
                                                                                                                                                                              x-ms-request-id: 11ae3112-301e-005d-596b-27e448000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165259Z-16849878b787bfsh7zgp804my400000006zg00000000yucz
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:52:59 UTC408INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              31192.168.2.44979413.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:00 UTC192OUTGET /rules/rule120610v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:00 UTC491INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:00 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 474
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT
                                                                                                                                                                              ETag: "0x8DC582B9964B277"
                                                                                                                                                                              x-ms-request-id: 7b93b929-d01e-0082-6676-27e489000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165300Z-16849878b78p8hrf1se7fucxk800000009700000000099fk
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache-Info: L1_T2
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:00 UTC474INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              32192.168.2.44979613.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:00 UTC192OUTGET /rules/rule120612v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:00 UTC491INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:00 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 471
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT
                                                                                                                                                                              ETag: "0x8DC582BB10C598B"
                                                                                                                                                                              x-ms-request-id: fc05dcd0-301e-0052-2d91-2a65d6000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165300Z-17c5cb586f62bgw58esgbu9hgw000000011000000000a8cf
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              X-Cache-Info: L1_T2
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:00 UTC471INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              33192.168.2.44979713.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:00 UTC192OUTGET /rules/rule120613v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:00 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:00 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 632
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
                                                                                                                                                                              ETag: "0x8DC582BB6E3779E"
                                                                                                                                                                              x-ms-request-id: 8abc48b9-201e-0096-2f4f-28ace6000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165300Z-15b8d89586fzhrwgk23ex2bvhw0000000b9g000000009ega
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:00 UTC632INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              34192.168.2.44979813.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:00 UTC192OUTGET /rules/rule120614v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:00 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:00 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 467
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT
                                                                                                                                                                              ETag: "0x8DC582BA6C038BC"
                                                                                                                                                                              x-ms-request-id: 80c74b81-d01e-00a1-16c0-2a35b1000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165300Z-r197bdfb6b4xfp4mncra29rqkc00000001n000000000zkwc
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:00 UTC467INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              35192.168.2.44979513.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:00 UTC192OUTGET /rules/rule120611v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:00 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:00 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 415
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT
                                                                                                                                                                              ETag: "0x8DC582B9F6F3512"
                                                                                                                                                                              x-ms-request-id: 633f9008-101e-00a2-3e9b-279f2e000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165300Z-16849878b78wc6ln1zsrz6q9w80000000810000000008crp
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:00 UTC415INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              36192.168.2.44979913.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:01 UTC192OUTGET /rules/rule120615v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:01 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:01 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 407
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT
                                                                                                                                                                              ETag: "0x8DC582BBAD04B7B"
                                                                                                                                                                              x-ms-request-id: 910f925b-b01e-001e-0b30-2a0214000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165301Z-15b8d89586ffsjj9qb0gmb1stn0000000ckg0000000052wd
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:01 UTC407INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              37192.168.2.44980013.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:01 UTC192OUTGET /rules/rule120616v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:01 UTC491INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:01 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 486
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT
                                                                                                                                                                              ETag: "0x8DC582BB344914B"
                                                                                                                                                                              x-ms-request-id: 0fe0dd21-c01e-0066-771c-26a1ec000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165301Z-16849878b7898p5f6vryaqvp58000000090g00000000zfrc
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              X-Cache-Info: L1_T2
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:01 UTC486INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              38192.168.2.44980213.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:01 UTC192OUTGET /rules/rule120618v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:01 UTC491INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:01 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 486
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT
                                                                                                                                                                              ETag: "0x8DC582B9018290B"
                                                                                                                                                                              x-ms-request-id: c8022c20-501e-00a3-08ae-26c0f2000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165301Z-16849878b78fkwcjkpn19c5dsn00000007c0000000007h59
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache-Info: L1_T2
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:01 UTC486INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              39192.168.2.44980313.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:01 UTC192OUTGET /rules/rule120619v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:01 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:01 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 407
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT
                                                                                                                                                                              ETag: "0x8DC582B9698189B"
                                                                                                                                                                              x-ms-request-id: 226d2935-b01e-001e-729c-270214000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165301Z-r197bdfb6b4grkz4xgvkar0zcs00000008300000000055ep
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:01 UTC407INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 43 63 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              40192.168.2.44980113.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:01 UTC192OUTGET /rules/rule120617v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:01 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:01 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 427
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT
                                                                                                                                                                              ETag: "0x8DC582BA310DA18"
                                                                                                                                                                              x-ms-request-id: fcb0891e-801e-007b-6669-28e7ab000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165301Z-15b8d89586f8l5961kfst8fpb00000000m4g000000005fgy
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:01 UTC427INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              41192.168.2.44980413.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:02 UTC192OUTGET /rules/rule120620v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:02 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:02 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 469
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT
                                                                                                                                                                              ETag: "0x8DC582BBA701121"
                                                                                                                                                                              x-ms-request-id: 2fd6bd5d-d01e-007a-394f-26f38c000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165302Z-16849878b78bjkl8dpep89pbgg00000006wg00000000y8s6
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:02 UTC469INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              42192.168.2.44980513.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:02 UTC192OUTGET /rules/rule120621v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:02 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:02 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 415
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT
                                                                                                                                                                              ETag: "0x8DC582BA41997E3"
                                                                                                                                                                              x-ms-request-id: 6484a1a6-201e-0000-75a3-26a537000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165302Z-16849878b78fkwcjkpn19c5dsn000000078g00000000qt1e
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:02 UTC415INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 56 76 5d 5b 4d 6d 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              43192.168.2.44980613.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:02 UTC192OUTGET /rules/rule120622v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:02 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:02 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 477
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT
                                                                                                                                                                              ETag: "0x8DC582BB8CEAC16"
                                                                                                                                                                              x-ms-request-id: abf73cf0-e01e-0052-5534-2ad9df000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165302Z-15b8d89586fmhjx6a8nf3qm53c0000000290000000000hs0
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:02 UTC477INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              44192.168.2.44980713.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:02 UTC192OUTGET /rules/rule120623v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:02 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:02 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 464
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT
                                                                                                                                                                              ETag: "0x8DC582B97FB6C3C"
                                                                                                                                                                              x-ms-request-id: 1a39e609-901e-0048-60a3-26b800000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165302Z-16849878b7828dsgct3vrzta7000000006mg00000000z0nd
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:02 UTC464INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 49 69 5d 5b 47 67 5d 5b 41 61 5d 5b 42 62 5d 5b 59 79 5d 5b 54 74 5d 5b 45 65 5d 20 5b 54 74 5d 5b 45 65 5d 5b 43 63 5d 5b 48 68 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 47 67 5d 5b 59 79 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              45192.168.2.44980813.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:02 UTC192OUTGET /rules/rule120624v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:02 UTC491INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:02 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 494
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
                                                                                                                                                                              ETag: "0x8DC582BB7010D66"
                                                                                                                                                                              x-ms-request-id: 78a5d0bc-501e-005b-6da6-26d7f7000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165302Z-16849878b78wc6ln1zsrz6q9w80000000810000000008cus
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache-Info: L1_T2
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:02 UTC494INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              46192.168.2.44980913.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:03 UTC192OUTGET /rules/rule120625v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:03 UTC491INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:03 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 419
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT
                                                                                                                                                                              ETag: "0x8DC582B9748630E"
                                                                                                                                                                              x-ms-request-id: bf2855ec-b01e-0084-57b7-2ad736000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165303Z-16849878b78bjkl8dpep89pbgg00000006wg00000000y8tp
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              X-Cache-Info: L1_T2
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:03 UTC419INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 46 66 5d 5b 55 75 5d 5b 4a 6a 5d 5b 49 69 5d 5b 54 74 5d 5b 53 73 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              47192.168.2.44981013.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:03 UTC192OUTGET /rules/rule120626v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:03 UTC491INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:03 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 472
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT
                                                                                                                                                                              ETag: "0x8DC582B9DACDF62"
                                                                                                                                                                              x-ms-request-id: 864201cb-901e-0015-2b18-26b284000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165303Z-16849878b78tg5n42kspfr0x48000000089g00000000kr1f
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              X-Cache-Info: L1_T2
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:03 UTC472INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              48192.168.2.44981113.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:03 UTC192OUTGET /rules/rule120627v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:03 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:03 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 404
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT
                                                                                                                                                                              ETag: "0x8DC582B9E8EE0F3"
                                                                                                                                                                              x-ms-request-id: def6a666-601e-0001-6e47-2afaeb000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165303Z-r197bdfb6b4xfp4mncra29rqkc00000001qg00000000nufc
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:03 UTC404INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4e 6e 5d 5b 45 65 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              49192.168.2.44981313.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:03 UTC192OUTGET /rules/rule120628v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:03 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:03 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 468
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT
                                                                                                                                                                              ETag: "0x8DC582B9C8E04C8"
                                                                                                                                                                              x-ms-request-id: ebbbec6e-b01e-0021-1c83-29cab7000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165303Z-17c5cb586f672xmrz843mf85fn000000075000000000h33z
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:03 UTC468INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              50192.168.2.44981213.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:03 UTC192OUTGET /rules/rule120629v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:03 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:03 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 428
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT
                                                                                                                                                                              ETag: "0x8DC582BAC4F34CA"
                                                                                                                                                                              x-ms-request-id: ef4969e5-401e-002a-2c3c-28c62e000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165303Z-15b8d89586fhl2qtatrz3vfkf00000000eh000000000dd3r
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:03 UTC428INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 2d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              51192.168.2.44981513.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:03 UTC192OUTGET /rules/rule120630v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:04 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:03 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 499
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT
                                                                                                                                                                              ETag: "0x8DC582B98CEC9F6"
                                                                                                                                                                              x-ms-request-id: 54a08b66-801e-008f-529b-272c5d000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165303Z-16849878b78p49s6zkwt11bbkn0000000810000000006sug
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:04 UTC499INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              52192.168.2.44981813.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:04 UTC192OUTGET /rules/rule120633v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:04 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:04 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 419
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT
                                                                                                                                                                              ETag: "0x8DC582BB32BB5CB"
                                                                                                                                                                              x-ms-request-id: df8e274c-401e-002a-26fc-28c62e000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165304Z-r197bdfb6b4skzzvqpzzd3xetg00000007v0000000006fx6
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:04 UTC419INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 53 73 5d 5b 41 61 5d 5b 4d 6d 5d 5b 53 73 5d 5b 55 75 5d 5b 4e 6e 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              53192.168.2.44981913.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:04 UTC192OUTGET /rules/rule120634v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:04 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:04 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 494
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT
                                                                                                                                                                              ETag: "0x8DC582BB8972972"
                                                                                                                                                                              x-ms-request-id: d73e8916-101e-008d-6973-2792e5000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165304Z-17c5cb586f62bgw58esgbu9hgw00000000xg00000000pnwg
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:04 UTC494INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              54192.168.2.44981713.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:04 UTC192OUTGET /rules/rule120632v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:04 UTC491INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:04 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 471
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT
                                                                                                                                                                              ETag: "0x8DC582BB5815C4C"
                                                                                                                                                                              x-ms-request-id: 5dc1b391-401e-0029-66c0-2a9b43000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165304Z-159b85dff8f2qnk7hC1DFWwb2400000000h00000000025kd
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache-Info: L1_T2
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:04 UTC471INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              55192.168.2.44981613.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:04 UTC192OUTGET /rules/rule120631v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:04 UTC491INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:04 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 415
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                                                                                                                                                              ETag: "0x8DC582B988EBD12"
                                                                                                                                                                              x-ms-request-id: 546431bf-201e-0085-0b72-2734e3000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165304Z-16849878b78wv88bk51myq5vxc00000008eg00000001180d
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              X-Cache-Info: L1_T2
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:04 UTC415INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 48 68 5d 5b 55 75 5d 5b 41 61 5d 5b 57 77 5d 5b 45 65 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              56192.168.2.44982013.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:04 UTC192OUTGET /rules/rule120635v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:04 UTC491INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:04 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 420
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT
                                                                                                                                                                              ETag: "0x8DC582B9DAE3EC0"
                                                                                                                                                                              x-ms-request-id: ce95f5ab-001e-0034-242a-27dd04000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165304Z-17c5cb586f6zcqf8r7the4ske000000000qg000000006038
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache-Info: L1_T2
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:04 UTC420INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 54 74 5d 5b 4f 6f 5d 5b 53 73 5d 5b 48 68 5d 5b 49 69 5d 5b 42 62 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              57192.168.2.44982113.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:05 UTC192OUTGET /rules/rule120636v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:05 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:05 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 472
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT
                                                                                                                                                                              ETag: "0x8DC582B9D43097E"
                                                                                                                                                                              x-ms-request-id: 2a43884c-b01e-0098-517c-2acead000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165305Z-15b8d89586fmc8ck21zz2rtg1w00000005f000000000errk
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:05 UTC472INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              58192.168.2.44982213.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:05 UTC192OUTGET /rules/rule120638v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:05 UTC491INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:05 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 486
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT
                                                                                                                                                                              ETag: "0x8DC582B92FCB436"
                                                                                                                                                                              x-ms-request-id: 01fc617d-601e-000d-05a4-262618000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165305Z-16849878b78q9m8bqvwuva4svc00000006tg00000000p33t
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache-Info: L1_T2
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:05 UTC486INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              59192.168.2.44982413.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:05 UTC192OUTGET /rules/rule120639v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:05 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:05 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 423
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT
                                                                                                                                                                              ETag: "0x8DC582BB7564CE8"
                                                                                                                                                                              x-ms-request-id: 5e4053db-f01e-0052-6472-279224000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165305Z-16849878b7828dsgct3vrzta7000000006q000000000n3vr
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:05 UTC423INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 44 64 5d 5b 59 79 5d 5b 4e 6e 5d 5b 41 61 5d 5b 42 62 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              60192.168.2.44982313.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:05 UTC192OUTGET /rules/rule120637v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:05 UTC491INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:05 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 427
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT
                                                                                                                                                                              ETag: "0x8DC582BA909FA21"
                                                                                                                                                                              x-ms-request-id: 3601e2f9-501e-0064-27bd-2a1f54000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165305Z-17c5cb586f659tsm88uwcmn6s400000000wg00000000221v
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache-Info: L1_T2
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:05 UTC427INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 4e 6e 5d 5b 41 61 5d 5b 53 73 5d 5b 4f 6f 5d 5b 4e 6e 5d 5b 49 69 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              61192.168.2.44982513.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:05 UTC192OUTGET /rules/rule120640v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:05 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:05 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 478
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT
                                                                                                                                                                              ETag: "0x8DC582B9B233827"
                                                                                                                                                                              x-ms-request-id: 6856914c-401e-0029-0667-279b43000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165305Z-16849878b78hh85qc40uyr8sc800000008k000000000m01e
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:05 UTC478INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              62192.168.2.44982613.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:05 UTC192OUTGET /rules/rule120641v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:06 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:05 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 404
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT
                                                                                                                                                                              ETag: "0x8DC582B95C61A3C"
                                                                                                                                                                              x-ms-request-id: a783173c-501e-008c-2349-27cd39000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165305Z-16849878b78qwx7pmw9x5fub1c00000006fg000000009sdh
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:06 UTC404INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4d 6d 5d 5b 53 73 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              63192.168.2.44982713.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:05 UTC192OUTGET /rules/rule120642v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:06 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:05 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 468
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT
                                                                                                                                                                              ETag: "0x8DC582BB046B576"
                                                                                                                                                                              x-ms-request-id: e1dd5be0-d01e-00a1-2084-2935b1000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165305Z-17c5cb586f6wnfhvhw6gvetfh400000007w00000000062e7
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:06 UTC468INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              64192.168.2.44982813.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:05 UTC192OUTGET /rules/rule120643v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:06 UTC491INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:05 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 400
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT
                                                                                                                                                                              ETag: "0x8DC582BB2D62837"
                                                                                                                                                                              x-ms-request-id: a96fbf53-401e-0016-5d5d-2653e0000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165305Z-16849878b78fkwcjkpn19c5dsn000000078g00000000qtck
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              X-Cache-Info: L1_T2
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:06 UTC400INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4c 6c 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              65192.168.2.44982913.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:05 UTC192OUTGET /rules/rule120644v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:06 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:06 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 479
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT
                                                                                                                                                                              ETag: "0x8DC582BB7D702D0"
                                                                                                                                                                              x-ms-request-id: 4900665d-501e-0029-5111-29d0b8000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165306Z-15b8d89586fxdh48ft0acdbg440000000260000000003hxw
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:06 UTC479INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              66192.168.2.44983013.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:06 UTC192OUTGET /rules/rule120645v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:06 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:06 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 425
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT
                                                                                                                                                                              ETag: "0x8DC582BBA25094F"
                                                                                                                                                                              x-ms-request-id: 2b9d96d3-301e-0020-4e31-276299000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165306Z-16849878b786lft2mu9uftf3y400000009kg00000000d925
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:06 UTC425INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 4d 6d 5d 5b 41 61 5d 5b 5a 7a 5d 5b 4f 6f 5d 5b 4e 6e 5d 20 5b 45 65 5d 5b 43 63 5d 32 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120645" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <SR T="2" R="([Aa][Mm][Aa][Zz][Oo][Nn] [Ee][Cc]2)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I=


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              67192.168.2.44983113.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:06 UTC192OUTGET /rules/rule120646v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:06 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:06 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 475
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT
                                                                                                                                                                              ETag: "0x8DC582BB2BE84FD"
                                                                                                                                                                              x-ms-request-id: 99f07890-301e-0051-29d2-2538bb000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165306Z-16849878b78g2m84h2v9sta290000000075000000000s94h
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:06 UTC475INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120646" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              68192.168.2.44983213.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:06 UTC192OUTGET /rules/rule120647v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:06 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:06 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 448
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT
                                                                                                                                                                              ETag: "0x8DC582BB389F49B"
                                                                                                                                                                              x-ms-request-id: 51ccb76b-001e-0049-0a37-265bd5000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165306Z-16849878b78zqkvcwgr6h55x9n00000007n0000000010yw5
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:06 UTC448INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 50 70 5d 5b 41 61 5d 5b 43 63 5d 5b 48 68 5d 5b 45 65 5d 20 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120647" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <SR T="2" R="([Aa][Pp][Aa][Cc][Hh][Ee] [Ss][Oo][Ff][Tt][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR>


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              69192.168.2.44983313.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:06 UTC192OUTGET /rules/rule120648v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:06 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:06 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 491
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                                                                                                                                                              ETag: "0x8DC582B98B88612"
                                                                                                                                                                              x-ms-request-id: 33c93406-d01e-0066-3d3d-26ea17000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165306Z-15b8d89586f8nxpt6ys645x5v000000009fg00000000gu44
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:06 UTC491INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120648" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              70192.168.2.44983413.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:06 UTC192OUTGET /rules/rule120649v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:06 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:06 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 416
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:26:21 GMT
                                                                                                                                                                              ETag: "0x8DC582BAEA4B445"
                                                                                                                                                                              x-ms-request-id: 5feeb856-001e-008d-0ae8-28d91e000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165306Z-15b8d89586fmhkw429ba5n22m800000009x0000000000hn8
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:06 UTC416INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 46 66 5d 5b 45 65 5d 5b 44 64 5d 5b 4f 6f 5d 5b 52 72 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120649" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <SR T="2" R="^([Ff][Ee][Dd][Oo][Rr][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              71192.168.2.44983513.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:07 UTC192OUTGET /rules/rule120650v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:07 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:07 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 479
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                                                                                                                                                              ETag: "0x8DC582B989EE75B"
                                                                                                                                                                              x-ms-request-id: 1eef1b3e-901e-002a-4bcc-267a27000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165307Z-r197bdfb6b46kmj4701qkq602400000007f000000000dukw
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:07 UTC479INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120650" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              72192.168.2.44983713.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:07 UTC192OUTGET /rules/rule120652v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:07 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:07 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 471
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT
                                                                                                                                                                              ETag: "0x8DC582B97E6FCDD"
                                                                                                                                                                              x-ms-request-id: d0d63b60-601e-0050-7d63-272c9c000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165307Z-17c5cb586f62blg5ss55p9d6fn000000094000000000dhs3
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:07 UTC471INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120652" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              73192.168.2.44983613.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:07 UTC192OUTGET /rules/rule120651v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:07 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:07 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 415
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT
                                                                                                                                                                              ETag: "0x8DC582BA80D96A1"
                                                                                                                                                                              x-ms-request-id: 336bf192-401e-00ac-1a67-270a97000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165307Z-15b8d89586fmhkw429ba5n22m800000009x0000000000hp6
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:07 UTC415INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 47 67 5d 5b 4c 6c 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120651" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <SR T="2" R="([Gg][Oo][Oo][Gg][Ll][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              74192.168.2.44983813.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:07 UTC192OUTGET /rules/rule120653v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:07 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:07 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 419
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT
                                                                                                                                                                              ETag: "0x8DC582B9C710B28"
                                                                                                                                                                              x-ms-request-id: c1b2f9d4-701e-0098-1062-26395f000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165307Z-16849878b78g2m84h2v9sta290000000073g00000000y03c
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:07 UTC419INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 49 69 5d 5b 4e 6e 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 54 74 5d 5b 45 65 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120653" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <SR T="2" R="([Ii][Nn][Nn][Oo][Tt][Ee][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              75192.168.2.44983913.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:07 UTC192OUTGET /rules/rule120654v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:07 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:07 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 477
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:26:05 GMT
                                                                                                                                                                              ETag: "0x8DC582BA54DCC28"
                                                                                                                                                                              x-ms-request-id: 9921b831-601e-0097-069c-27f33a000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165307Z-15b8d89586fnsf5zkvx8tfb0zc00000003h0000000003svx
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:07 UTC477INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120654" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              76192.168.2.44984013.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:08 UTC192OUTGET /rules/rule120655v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:08 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:08 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 419
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT
                                                                                                                                                                              ETag: "0x8DC582BB7F164C3"
                                                                                                                                                                              x-ms-request-id: 3efaf52f-501e-008c-0d35-29cd39000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165308Z-15b8d89586f4zwgbgswvrvz4vs00000009m000000000gqn4
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:08 UTC419INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 49 69 5d 5b 4d 6d 5d 5b 42 62 5d 5b 4f 6f 5d 5b 58 78 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120655" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <SR T="2" R="([Nn][Ii][Mm][Bb][Oo][Xx][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              77192.168.2.44984213.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:08 UTC192OUTGET /rules/rule120657v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:08 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:08 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 419
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:25:57 GMT
                                                                                                                                                                              ETag: "0x8DC582B9FF95F80"
                                                                                                                                                                              x-ms-request-id: 3a8fdb30-b01e-0084-08d4-2ad736000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165308Z-r197bdfb6b4gx6v9pg74w9f47s0000000ag0000000008ead
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:08 UTC419INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 55 75 5d 5b 54 74 5d 5b 41 61 5d 5b 4e 6e 5d 5b 49 69 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120657" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <SR T="2" R="([Nn][Uu][Tt][Aa][Nn][Ii][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              78192.168.2.44984313.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:08 UTC192OUTGET /rules/rule120658v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:08 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:08 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 472
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:26:34 GMT
                                                                                                                                                                              ETag: "0x8DC582BB650C2EC"
                                                                                                                                                                              x-ms-request-id: cb951b4e-f01e-0020-727f-28956b000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165308Z-r197bdfb6b46kmj4701qkq602400000007eg00000000f028
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:08 UTC472INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120658" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              79192.168.2.44984113.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:08 UTC192OUTGET /rules/rule120656v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:08 UTC491INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:08 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 477
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT
                                                                                                                                                                              ETag: "0x8DC582BA48B5BDD"
                                                                                                                                                                              x-ms-request-id: a1cd7d15-b01e-0070-762b-271cc0000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165308Z-16849878b78bcpfn2qf7sm6hsn00000009u000000000xqe6
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              X-Cache-Info: L1_T2
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:08 UTC477INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120656" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              80192.168.2.44984413.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:08 UTC192OUTGET /rules/rule120659v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:08 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:08 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 468
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT
                                                                                                                                                                              ETag: "0x8DC582BB3EAF226"
                                                                                                                                                                              x-ms-request-id: c7261251-b01e-0070-6593-291cc0000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165308Z-17c5cb586f6f8m6jnehy0z65x400000007k000000000ep50
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:08 UTC468INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 50 70 5d 5b 45 65 5d 5b 4e 6e 5d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 43 63 5d 5b 4b 6b 5d 20 5b 46 66 5d 5b 4f 6f 5d 5b 55 75 5d 5b 4e 6e 5d 5b 44 64 5d 5b 41 61 5d 5b 54 74 5d 5b 49 69 5d 5b 4f 6f 5d 5b 4e 6e 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120659" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <SR T="2" R="([Oo][Pp][Ee][Nn][Ss][Tt][Aa][Cc][Kk] [Ff][Oo][Uu][Nn][Dd][Aa][Tt][Ii][Oo][Nn])"> <S T="1" F="1" M="I


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              81192.168.2.44984513.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:09 UTC192OUTGET /rules/rule120660v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:09 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:09 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 485
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:26:39 GMT
                                                                                                                                                                              ETag: "0x8DC582BB9769355"
                                                                                                                                                                              x-ms-request-id: e574f622-301e-0052-4beb-2565d6000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165309Z-16849878b78km6fmmkbenhx76n00000007q000000000a5kc
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:09 UTC485INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120660" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              82192.168.2.44984813.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:09 UTC192OUTGET /rules/rule120663v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:09 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:09 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 427
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT
                                                                                                                                                                              ETag: "0x8DC582BB556A907"
                                                                                                                                                                              x-ms-request-id: a342e9ea-d01e-0066-419c-27ea17000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165309Z-16849878b78nzcqcd7bed2fb6n00000000v00000000011a7
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:09 UTC427INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 52 72 5d 5b 41 61 5d 5b 4c 6c 5d 5b 4c 6c 5d 5b 45 65 5d 5b 4c 6c 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120663" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <SR T="2" R="([Pp][Aa][Rr][Aa][Ll][Ll][Ee][Ll][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              83192.168.2.44984613.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:09 UTC192OUTGET /rules/rule120661v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:09 UTC491INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:09 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 411
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                                                                                                                                                              ETag: "0x8DC582B989AF051"
                                                                                                                                                                              x-ms-request-id: ad1b4984-801e-002a-3571-2931dc000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165309Z-17c5cb586f6fqqst87nqkbsx1c00000006r000000000gq1b
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              X-Cache-Info: L1_T2
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:09 UTC411INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 56 76 5d 5b 49 69 5d 5b 52 72 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120661" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <SR T="2" R="([Oo][Vv][Ii][Rr][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              84192.168.2.44984713.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:09 UTC192OUTGET /rules/rule120662v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:09 UTC491INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:09 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 470
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT
                                                                                                                                                                              ETag: "0x8DC582BBB181F65"
                                                                                                                                                                              x-ms-request-id: 6cbbe1db-401e-0083-6516-26075c000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165309Z-16849878b78nzcqcd7bed2fb6n00000000tg000000007tqv
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache-Info: L1_T2
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:09 UTC470INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120662" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              85192.168.2.44985013.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:10 UTC192OUTGET /rules/rule120665v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:10 UTC491INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:10 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 407
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT
                                                                                                                                                                              ETag: "0x8DC582B9D30478D"
                                                                                                                                                                              x-ms-request-id: 9cbc4178-801e-008f-12a3-262c5d000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165310Z-16849878b782d4lwcu6h6gmxnw00000007xg00000000rur7
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache-Info: L1_T2
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:10 UTC407INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 53 73 5d 5b 53 73 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120665" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <SR T="2" R="([Pp][Ss][Ss][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              86192.168.2.44985113.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:10 UTC192OUTGET /rules/rule120666v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:10 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:10 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 474
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT
                                                                                                                                                                              ETag: "0x8DC582BB3F48DAE"
                                                                                                                                                                              x-ms-request-id: 4b1c8405-301e-005d-7701-27e448000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165310Z-16849878b78q9m8bqvwuva4svc00000006qg000000011txm
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:10 UTC474INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120666" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              87192.168.2.44985213.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:10 UTC192OUTGET /rules/rule120667v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:10 UTC491INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:10 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 408
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT
                                                                                                                                                                              ETag: "0x8DC582BB9B6040B"
                                                                                                                                                                              x-ms-request-id: 4bda8ee7-201e-0003-1763-27f85a000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165310Z-16849878b785dznd7xpawq9gcn00000009tg000000000ges
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache-Info: L1_T2
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:10 UTC408INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 51 71 5d 5b 45 65 5d 5b 4d 6d 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120667" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <SR T="2" R="^([Qq][Ee][Mm][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              88192.168.2.44985313.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:10 UTC192OUTGET /rules/rule120668v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:10 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:10 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 469
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT
                                                                                                                                                                              ETag: "0x8DC582BB3CAEBB8"
                                                                                                                                                                              x-ms-request-id: e1e6f089-901e-005b-1e15-262005000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165310Z-15b8d89586fnsf5zkvx8tfb0zc00000003c000000000gkuf
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:10 UTC469INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120668" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              89192.168.2.44984913.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:10 UTC192OUTGET /rules/rule120664v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:13 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:13 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 502
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
                                                                                                                                                                              ETag: "0x8DC582BB6A0D312"
                                                                                                                                                                              x-ms-request-id: 10f07cf3-601e-0070-28ce-2aa0c9000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165313Z-r197bdfb6b4cxj4bmw6ag8gees0000000110000000005rtd
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:13 UTC502INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120664" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              90192.168.2.44985413.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:11 UTC192OUTGET /rules/rule120669v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:11 UTC491INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:11 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 416
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT
                                                                                                                                                                              ETag: "0x8DC582BB5284CCE"
                                                                                                                                                                              x-ms-request-id: d9732123-901e-007b-1098-25ac50000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165311Z-16849878b7898p5f6vryaqvp580000000970000000003pdp
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache-Info: L1_T2
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:11 UTC416INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 52 72 5d 5b 45 65 5d 5b 44 64 5d 20 5b 48 68 5d 5b 41 61 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120669" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <SR T="2" R="([Rr][Ee][Dd] [Hh][Aa][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              91192.168.2.44985513.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:11 UTC192OUTGET /rules/rule120670v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:11 UTC491INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:11 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 472
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT
                                                                                                                                                                              ETag: "0x8DC582B91EAD002"
                                                                                                                                                                              x-ms-request-id: 933aac65-d01e-007a-51aa-26f38c000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165311Z-16849878b787wpl5wqkt5731b4000000091000000000mg91
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              X-Cache-Info: L1_T2
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:11 UTC472INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120670" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              92192.168.2.44985613.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:11 UTC192OUTGET /rules/rule120671v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:11 UTC491INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:11 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 432
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:26:15 GMT
                                                                                                                                                                              ETag: "0x8DC582BAABA2A10"
                                                                                                                                                                              x-ms-request-id: 0c0bb0c5-d01e-007a-4187-29f38c000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165311Z-17c5cb586f66g7mvgrudxte954000000038g00000000f2dh
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache-Info: L1_T2
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:11 UTC432INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 53 73 5d 5b 55 75 5d 5b 50 70 5d 5b 45 65 5d 5b 52 72 5d 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120671" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <SR T="2" R="^([Ss][Uu][Pp][Ee][Rr][Mm][Ii][Cc][Rr][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              93192.168.2.44985713.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:11 UTC192OUTGET /rules/rule120672v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:11 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:11 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 475
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT
                                                                                                                                                                              ETag: "0x8DC582BBA740822"
                                                                                                                                                                              x-ms-request-id: 8e6218f7-d01e-0066-7d57-27ea17000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165311Z-16849878b78smng4k6nq15r6s400000009r000000000vzd8
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:11 UTC475INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120672" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              94192.168.2.44985813.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:11 UTC192OUTGET /rules/rule120673v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:12 UTC491INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:12 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 427
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:26:31 GMT
                                                                                                                                                                              ETag: "0x8DC582BB464F255"
                                                                                                                                                                              x-ms-request-id: 48ec36c7-d01e-00a1-338d-2735b1000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165311Z-16849878b787wpl5wqkt5731b400000008yg00000000y0cp
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              X-Cache-Info: L1_T2
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:12 UTC427INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 54 74 5d 5b 48 68 5d 5b 49 69 5d 5b 4e 6e 5d 5b 50 70 5d 5b 55 75 5d 5b 54 74 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120673" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <SR T="2" R="([Tt][Hh][Ii][Nn][Pp][Uu][Tt][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              95192.168.2.44985913.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:12 UTC192OUTGET /rules/rule120674v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:12 UTC491INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:12 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 474
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT
                                                                                                                                                                              ETag: "0x8DC582BA4037B0D"
                                                                                                                                                                              x-ms-request-id: df439d9f-401e-0067-5610-2709c2000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165312Z-16849878b785jrf8dn0d2rczaw00000009k000000000173k
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              X-Cache-Info: L1_T2
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:12 UTC474INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120674" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              96192.168.2.44986013.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:12 UTC192OUTGET /rules/rule120675v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:12 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:12 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 419
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT
                                                                                                                                                                              ETag: "0x8DC582BA6CF78C8"
                                                                                                                                                                              x-ms-request-id: 9f581369-601e-00ab-15c9-2a66f4000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165312Z-16849878b78sx229w7g7at4nkg00000006kg00000000c6u6
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:12 UTC419INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 55 75 5d 5b 50 70 5d 5b 43 63 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 55 75 5d 5b 44 64 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120675" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <SR T="2" R="([Uu][Pp][Cc][Ll][Oo][Uu][Dd])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              97192.168.2.44986113.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:12 UTC192OUTGET /rules/rule120676v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:12 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:12 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 472
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                                                                                                                                                              ETag: "0x8DC582B984BF177"
                                                                                                                                                                              x-ms-request-id: dbd91de3-001e-002b-2827-2799f2000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165312Z-r197bdfb6b4qbfppwgs4nqza8000000006vg00000000pxcs
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:12 UTC472INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120676" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              98192.168.2.44986213.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:12 UTC192OUTGET /rules/rule120677v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:12 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:12 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 405
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:25:37 GMT
                                                                                                                                                                              ETag: "0x8DC582B942B6AFF"
                                                                                                                                                                              x-ms-request-id: 9577fd14-901e-0016-4fa3-26efe9000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165312Z-15b8d89586f5s5nz3ffrgxn5ac000000092g00000000609r
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:12 UTC405INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5e 5b 58 78 5d 5b 45 65 5d 5b 4e 6e 5d 24 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120677" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <SR T="2" R="(^[Xx][Ee][Nn]$)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              99192.168.2.44986313.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:13 UTC192OUTGET /rules/rule120678v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:13 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:13 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 468
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT
                                                                                                                                                                              ETag: "0x8DC582BBA642BF4"
                                                                                                                                                                              x-ms-request-id: fd0e08e6-201e-0085-5f27-2634e3000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165313Z-r197bdfb6b48pl4k4a912hk2g400000007m0000000009d9u
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:13 UTC468INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120678" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              100192.168.2.44986413.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:13 UTC192OUTGET /rules/rule120679v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:13 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:13 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 174
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT
                                                                                                                                                                              ETag: "0x8DC582B91D80E15"
                                                                                                                                                                              x-ms-request-id: 071448c9-d01e-0028-2702-297896000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165313Z-15b8d89586flzzksdx5d6q7g1000000003f0000000008w61
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:13 UTC174INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120679" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> </S> <T> <S T="1" /> </T></R>


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              101192.168.2.44986513.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:13 UTC192OUTGET /rules/rule120680v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:13 UTC563INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:13 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 1952
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT
                                                                                                                                                                              ETag: "0x8DC582B956B0F3D"
                                                                                                                                                                              x-ms-request-id: bb28544f-801e-0047-7562-267265000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165313Z-16849878b78tg5n42kspfr0x48000000089g00000000krsw
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:13 UTC1952INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 31 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120680" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <SS T="1" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> <R T="2" R="120682" /> <F T="3"> <O T="LT"> <L>


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              102192.168.2.44986613.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:13 UTC192OUTGET /rules/rule120681v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:13 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:13 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 958
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:25:58 GMT
                                                                                                                                                                              ETag: "0x8DC582BA0A31B3B"
                                                                                                                                                                              x-ms-request-id: 080ba15e-001e-0082-732b-275880000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165313Z-15b8d89586fvpb59307bn2rcac00000003g0000000006ehu
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:13 UTC958INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 38 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120681" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120608" /> <R T="2" R="120680" /> <TH T="3"> <O T="AND"> <L> <O T="EQ"> <L>


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              103192.168.2.44986713.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:13 UTC192OUTGET /rules/rule120682v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:14 UTC491INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:13 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 501
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:26:18 GMT
                                                                                                                                                                              ETag: "0x8DC582BACFDAACD"
                                                                                                                                                                              x-ms-request-id: 97ce691d-801e-0047-0a01-277265000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165313Z-16849878b78q9m8bqvwuva4svc00000006v000000000end2
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache-Info: L1_T2
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:14 UTC501INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 74 61 72 74 75 70 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120682" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryStartup" /> <R T="2" R="120100" /> <SS T="3" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> </S> <C T="


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              104192.168.2.44986813.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:13 UTC193OUTGET /rules/rule120602v10s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:14 UTC563INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:13 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 2592
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT
                                                                                                                                                                              ETag: "0x8DC582BB5B890DB"
                                                                                                                                                                              x-ms-request-id: 6768b437-a01e-00ab-174d-279106000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165313Z-16849878b787wpl5wqkt5731b4000000091000000000mgf7
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:14 UTC2592INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 32 22 20 56 3d 22 31 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 41 70 70 6c 69 63 61 74 69 6f 6e 41 6e 64 4c 61 6e 67 75 61 67 65 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120602" V="10" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAndLanguage" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa=


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              105192.168.2.44986913.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:14 UTC192OUTGET /rules/rule120601v3s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:14 UTC563INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:14 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 3342
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:25:34 GMT
                                                                                                                                                                              ETag: "0x8DC582B927E47E9"
                                                                                                                                                                              x-ms-request-id: c317859a-501e-00a3-19db-27c0f2000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165314Z-r197bdfb6b4gx6v9pg74w9f47s0000000ad000000000esn0
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:14 UTC3342INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 31 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 4f 53 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120601" V="3" DC="SM" EN="Office.System.SystemHealthMetadataOS" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC" xmlns=""> <RI


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              106192.168.2.44987013.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:14 UTC193OUTGET /rules/rule224901v11s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:14 UTC563INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:14 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 2284
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:27:13 GMT
                                                                                                                                                                              ETag: "0x8DC582BCD58BEEE"
                                                                                                                                                                              x-ms-request-id: 20ac8722-c01e-00ad-30e6-27a2b9000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165314Z-r197bdfb6b46kmj4701qkq602400000007eg00000000f09z
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:14 UTC2284INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 31 22 20 56 3d 22 31 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4c 69 63 65 6e 73 69 6e 67 2e 4f 66 66 69 63 65 43 6c 69 65 6e 74 4c 69 63 65 6e 73 69 6e 67 2e 44 6f 4c 69 63 65 6e 73 65 56 61 6c 69 64 61 74 69 6f 6e 22 20 41 54 54 3d 22 63 31 61 30 64 62 30 31 32 37 39 36 34 36 37 34 61 30 64 36 32 66 64 65 35 61 62 30 66 65 36 32 2d 36 65 63 34 61 63 34 35 2d 63 65 62 63 2d 34 66 38 30 2d 61 61 38 33 2d 62 36 62 39 64 33 61 38 36 65 64 37 2d 37 37 31 39 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 54 3d 22 55 70 6c 6f 61 64 2d 4d 65 64 69 75 6d 22
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224901" V="11" DC="SM" EN="Office.Licensing.OfficeClientLicensing.DoLicenseValidation" ATT="c1a0db0127964674a0d62fde5ab0fe62-6ec4ac45-cebc-4f80-aa83-b6b9d3a86ed7-7719" SP="CriticalCensus" T="Upload-Medium"


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              107192.168.2.44987113.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:14 UTC192OUTGET /rules/rule701201v1s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:14 UTC563INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:14 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 1393
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:27:51 GMT
                                                                                                                                                                              ETag: "0x8DC582BE3E55B6E"
                                                                                                                                                                              x-ms-request-id: 97090380-701e-0032-52b4-2aa540000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165314Z-16849878b78z2wx67pvzz63kdg00000006t0000000012wpu
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:14 UTC1393INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml"


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              108192.168.2.44987213.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:14 UTC192OUTGET /rules/rule701200v1s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:14 UTC584INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:14 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 1356
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT
                                                                                                                                                                              ETag: "0x8DC582BDC681E17"
                                                                                                                                                                              x-ms-request-id: 19a18c92-701e-0098-0fb0-26395f000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165314Z-16849878b787bfsh7zgp804my4000000075g0000000040f5
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache-Info: L1_T2
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:14 UTC1356INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml" S="Medium" /> <F T="2">


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              109192.168.2.44987313.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:14 UTC192OUTGET /rules/rule700201v1s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:14 UTC540INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:14 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 1393
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:27:50 GMT
                                                                                                                                                                              ETag: "0x8DC582BE39DFC9B"
                                                                                                                                                                              x-ms-request-id: a349b1bc-a01e-0021-20bc-2a814c000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165314Z-r197bdfb6b4n9cxdnknw89p4zg0000000190000000007snv
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:14 UTC1393INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord"


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              110192.168.2.44987413.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:14 UTC192OUTGET /rules/rule700200v1s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:15 UTC584INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:14 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 1356
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT
                                                                                                                                                                              ETag: "0x8DC582BDF66E42D"
                                                                                                                                                                              x-ms-request-id: 2e99a458-901e-0067-29ae-26b5cb000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165314Z-16849878b786lft2mu9uftf3y400000009fg00000000u5yq
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache-Info: L1_T2
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:15 UTC1356INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord" S="Medium" /> <F T="2">


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              111192.168.2.44987513.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:15 UTC192OUTGET /rules/rule702351v1s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:15 UTC563INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:15 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 1395
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
                                                                                                                                                                              ETag: "0x8DC582BE017CAD3"
                                                                                                                                                                              x-ms-request-id: cd04a713-f01e-003f-7315-26d19d000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165315Z-16849878b78smng4k6nq15r6s400000009w00000000094dp
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:15 UTC1395INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoic


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              112192.168.2.44987613.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:15 UTC192OUTGET /rules/rule702350v1s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:15 UTC540INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:15 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 1358
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT
                                                                                                                                                                              ETag: "0x8DC582BE6431446"
                                                                                                                                                                              x-ms-request-id: 5c8c4e1d-601e-0002-3bca-2aa786000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165315Z-r197bdfb6b4wbz6dd37axgrp9s000000012g00000000uys6
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:15 UTC1358INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoice" S="Medium" /> <F T="2">


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              113192.168.2.44987813.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:15 UTC192OUTGET /rules/rule701250v1s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:15 UTC563INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:15 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 1358
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
                                                                                                                                                                              ETag: "0x8DC582BE022ECC5"
                                                                                                                                                                              x-ms-request-id: 255ed8c5-301e-0051-461c-2738bb000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165315Z-15b8d89586fpccrmgpemqdqe58000000034g00000000ew67
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:15 UTC1358INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 6f 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701250" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisio" S="Medium" /> <F T="2">


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              114192.168.2.44987713.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:15 UTC192OUTGET /rules/rule701251v1s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:15 UTC563INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:15 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 1395
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT
                                                                                                                                                                              ETag: "0x8DC582BDE12A98D"
                                                                                                                                                                              x-ms-request-id: 8f4dae4f-901e-008f-19cb-2767a6000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165315Z-17c5cb586f6lxnvg801rcb3n8n000000088g00000000dgew
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:15 UTC1395INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701251" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisi


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              115192.168.2.44987913.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:15 UTC192OUTGET /rules/rule700051v1s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:16 UTC563INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:16 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 1389
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                                                                                                                                                                              ETag: "0x8DC582BE10A6BC1"
                                                                                                                                                                              x-ms-request-id: cdbfd92d-501e-0029-317f-27d0b8000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165316Z-15b8d89586fmc8ck21zz2rtg1w00000005kg000000008guy
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:16 UTC1389INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              116192.168.2.44988013.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:16 UTC192OUTGET /rules/rule700050v1s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:16 UTC563INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:16 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 1352
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT
                                                                                                                                                                              ETag: "0x8DC582BE9DEEE28"
                                                                                                                                                                              x-ms-request-id: f21e1abf-101e-00a2-2367-289f2e000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165316Z-15b8d89586fhl2qtatrz3vfkf00000000egg00000000dqaz
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:16 UTC1352INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="Medium" /> <F T="2"> <O T


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              117192.168.2.44988113.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:16 UTC192OUTGET /rules/rule702951v1s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:16 UTC563INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:16 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 1405
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                                                                                                                                                                              ETag: "0x8DC582BE12B5C71"
                                                                                                                                                                              x-ms-request-id: 4e087ea8-e01e-0099-0e5a-28da8a000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165316Z-15b8d89586fpccrmgpemqdqe58000000038g000000003ace
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:16 UTC1405INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702951" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              118192.168.2.44988213.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:16 UTC192OUTGET /rules/rule702950v1s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:16 UTC584INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:16 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 1368
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT
                                                                                                                                                                              ETag: "0x8DC582BDDC22447"
                                                                                                                                                                              x-ms-request-id: 207ff7bf-701e-006f-1357-27afc4000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165316Z-16849878b78qg9mlz11wgn0wcc00000007vg00000000mdby
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              X-Cache-Info: L1_T2
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:16 UTC1368INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 72 61 6e 73 6c 61 74 6f 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702950" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTranslator" S="Medium" /> <F T=


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              119192.168.2.44988313.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:16 UTC192OUTGET /rules/rule701151v1s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:16 UTC584INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:16 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 1401
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT
                                                                                                                                                                              ETag: "0x8DC582BE055B528"
                                                                                                                                                                              x-ms-request-id: 04bfc9b2-001e-0017-54ad-260c3c000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165316Z-16849878b78fhxrnedubv5byks00000006n000000000g1pv
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache-Info: L1_T2
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:16 UTC1401INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextA


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              120192.168.2.44988413.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:16 UTC192OUTGET /rules/rule701150v1s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:16 UTC584INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:16 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 1364
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                                                                                                                                                                              ETag: "0x8DC582BE1223606"
                                                                                                                                                                              x-ms-request-id: eff8debc-001e-0065-199c-270b73000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165316Z-16849878b78p49s6zkwt11bbkn0000000810000000006unt
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache-Info: L1_T2
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:16 UTC1364INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 6e 64 46 6f 6e 74 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextAndFonts" S="Medium" /> <F T="2">


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              121192.168.2.44988513.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:17 UTC192OUTGET /rules/rule702201v1s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:17 UTC563INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:17 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 1397
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:27:56 GMT
                                                                                                                                                                              ETag: "0x8DC582BE7262739"
                                                                                                                                                                              x-ms-request-id: f0c9e92d-201e-0000-1199-25a537000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165317Z-16849878b78hh85qc40uyr8sc800000008g000000000uhdy
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:17 UTC1397INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTel


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              122192.168.2.44988613.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:17 UTC192OUTGET /rules/rule702200v1s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:17 UTC563INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:17 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 1360
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT
                                                                                                                                                                              ETag: "0x8DC582BDDEB5124"
                                                                                                                                                                              x-ms-request-id: e1c723a0-d01e-002b-299c-2725fb000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165317Z-r197bdfb6b4qbfppwgs4nqza8000000006vg00000000pxnf
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:17 UTC1360INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 6c 4d 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTellMe" S="Medium" /> <F T="2">


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              123192.168.2.44988713.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:17 UTC192OUTGET /rules/rule700401v2s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:17 UTC563INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:17 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 1403
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT
                                                                                                                                                                              ETag: "0x8DC582BDCB4853F"
                                                                                                                                                                              x-ms-request-id: bef0a497-701e-005c-1f9c-29bb94000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165317Z-17c5cb586f6mkpfkkpsf1dpups00000003h000000000n7t7
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:17 UTC1403INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 31 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700401" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              124192.168.2.44988813.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:17 UTC192OUTGET /rules/rule700400v2s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:17 UTC538INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:17 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 1366
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT
                                                                                                                                                                              ETag: "0x8DC582BDB779FC3"
                                                                                                                                                                              x-ms-request-id: d6c962a3-601e-0050-3d78-2a2c9c000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165317Z-159b85dff8f2qnk7hC1DFWwb2400000000eg000000001x18
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache-Info: L1_T2
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:17 UTC1366INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 30 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 65 6d 65 74 72 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700400" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTelemetry" S="Medium" /> <F T="2


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              125192.168.2.44988913.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:17 UTC192OUTGET /rules/rule700351v1s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:17 UTC563INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:17 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 1397
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
                                                                                                                                                                              ETag: "0x8DC582BDFD43C07"
                                                                                                                                                                              x-ms-request-id: a3252951-201e-0071-2d78-2aff15000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165317Z-15b8d89586fvpb59307bn2rcac00000003gg000000004n72
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:17 UTC1397INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSys


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              126192.168.2.44989013.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:18 UTC192OUTGET /rules/rule700350v1s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:18 UTC563INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:18 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 1360
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT
                                                                                                                                                                              ETag: "0x8DC582BDD74D2EC"
                                                                                                                                                                              x-ms-request-id: 92d64d37-101e-0034-119c-2796ff000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165318Z-16849878b78q9m8bqvwuva4svc00000006y0000000000q47
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:18 UTC1360INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 74 65 6d 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSystem" S="Medium" /> <F T="2">


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              127192.168.2.44989113.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:18 UTC192OUTGET /rules/rule703901v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:18 UTC563INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:18 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 1427
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT
                                                                                                                                                                              ETag: "0x8DC582BE56F6873"
                                                                                                                                                                              x-ms-request-id: 08f6a26f-f01e-0071-6b1c-27431c000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165318Z-16849878b786fl7gm2qg4r5y7000000008ng000000007em3
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:18 UTC1427INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703901" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexu


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              128192.168.2.44989313.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:18 UTC192OUTGET /rules/rule701501v1s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:18 UTC584INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:18 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 1401
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:27:48 GMT
                                                                                                                                                                              ETag: "0x8DC582BE2A9D541"
                                                                                                                                                                              x-ms-request-id: 3a798620-501e-00a0-0295-279d9f000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165318Z-16849878b78qg9mlz11wgn0wcc00000007x000000000cb9f
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              X-Cache-Info: L1_T2
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:18 UTC1401INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenS


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              129192.168.2.44989213.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:18 UTC192OUTGET /rules/rule703900v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:18 UTC538INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:18 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 1390
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT
                                                                                                                                                                              ETag: "0x8DC582BE3002601"
                                                                                                                                                                              x-ms-request-id: 07185127-a01e-001e-68b5-2a49ef000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165318Z-159b85dff8ftk4pxhC1DFWg5f000000000h0000000005w5q
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              X-Cache-Info: L1_T2
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:18 UTC1390INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 53 3d
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703900" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenServiceabilityManager" S=


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              130192.168.2.44989413.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:18 UTC192OUTGET /rules/rule701500v1s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:18 UTC563INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:18 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 1364
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT
                                                                                                                                                                              ETag: "0x8DC582BEB6AD293"
                                                                                                                                                                              x-ms-request-id: 92f9c42c-401e-0015-6893-290e8d000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165318Z-17c5cb586f6wmhkn5q6fu8c5ss00000007q000000000f2xq
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:18 UTC1364INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 63 75 72 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSecurity" S="Medium" /> <F T="2">


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              131192.168.2.44989513.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:19 UTC192OUTGET /rules/rule702801v1s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:19 UTC563INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:19 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 1391
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT
                                                                                                                                                                              ETag: "0x8DC582BDF58DC7E"
                                                                                                                                                                              x-ms-request-id: 4fde2afa-301e-0099-279b-276683000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165319Z-17c5cb586f67hfgj2durhqcxk8000000074g00000000hwfb
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:19 UTC1391INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              132192.168.2.44989613.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:19 UTC192OUTGET /rules/rule702800v1s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:19 UTC563INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:19 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 1354
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT
                                                                                                                                                                              ETag: "0x8DC582BE0662D7C"
                                                                                                                                                                              x-ms-request-id: a3bf04aa-f01e-001f-636e-285dc8000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165319Z-r197bdfb6b4xfp4mncra29rqkc00000001p000000000tf8g
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:19 UTC1354INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S="Medium" /> <F T="2"> <O


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              133192.168.2.44989713.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:19 UTC192OUTGET /rules/rule703351v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:19 UTC563INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:19 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 1403
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT
                                                                                                                                                                              ETag: "0x8DC582BDCDD6400"
                                                                                                                                                                              x-ms-request-id: b03ac640-101e-007a-1bc8-27047e000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165319Z-r197bdfb6b4qbfppwgs4nqza800000000710000000001a8e
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:19 UTC1403INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703351" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              134192.168.2.44989813.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:19 UTC192OUTGET /rules/rule703350v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:19 UTC563INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:19 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 1366
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:27:42 GMT
                                                                                                                                                                              ETag: "0x8DC582BDF1E2608"
                                                                                                                                                                              x-ms-request-id: 141f8a5a-601e-000d-3b74-272618000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165319Z-16849878b7898p5f6vryaqvp580000000970000000003q5p
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:19 UTC1366INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 63 72 69 70 74 4c 61 62 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703350" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenScriptLab" S="Medium" /> <F T="2


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              135192.168.2.44989913.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:19 UTC192OUTGET /rules/rule703501v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:19 UTC563INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:19 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 1399
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:27:59 GMT
                                                                                                                                                                              ETag: "0x8DC582BE8C605FF"
                                                                                                                                                                              x-ms-request-id: c92207e3-c01e-0034-6767-2a2af6000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165319Z-r197bdfb6b4hsj5bywyqk9r2xw00000009wg0000000083n7
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:19 UTC1399INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703501" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSa


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              136192.168.2.44990113.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:19 UTC192OUTGET /rules/rule701801v1s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:20 UTC563INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:19 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 1403
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT
                                                                                                                                                                              ETag: "0x8DC582BDC2EEE03"
                                                                                                                                                                              x-ms-request-id: 19ae2231-801e-007b-0d9c-27e7ab000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165319Z-16849878b78zqkvcwgr6h55x9n00000007ng00000000yvsc
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:20 UTC1403INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              137192.168.2.44990013.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:19 UTC192OUTGET /rules/rule703500v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:20 UTC563INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:19 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 1362
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT
                                                                                                                                                                              ETag: "0x8DC582BDF497570"
                                                                                                                                                                              x-ms-request-id: f493011a-501e-008f-5f2c-289054000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165319Z-15b8d89586f8nxpt6ys645x5v000000009k000000000bran
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:20 UTC1362INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 6e 64 62 6f 78 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703500" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSandbox" S="Medium" /> <F T="2">


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              138192.168.2.44990213.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:20 UTC192OUTGET /rules/rule701800v1s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:20 UTC563INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:20 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 1366
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT
                                                                                                                                                                              ETag: "0x8DC582BEA414B16"
                                                                                                                                                                              x-ms-request-id: 9800c975-801e-008c-0e2c-267130000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165320Z-17c5cb586f67hfgj2durhqcxk8000000078g000000008t77
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:20 UTC1366INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 73 6f 75 72 63 65 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenResources" S="Medium" /> <F T="2


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              139192.168.2.44990313.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:20 UTC192OUTGET /rules/rule701051v1s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:20 UTC584INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:20 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 1399
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:27:47 GMT
                                                                                                                                                                              ETag: "0x8DC582BE1CC18CD"
                                                                                                                                                                              x-ms-request-id: 54290c1c-d01e-008e-01bf-27387a000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165320Z-16849878b78fssff8btnns3b1400000008g000000000uss7
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              X-Cache-Info: L1_T2
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:20 UTC1399INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRe


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              140192.168.2.44990413.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:20 UTC192OUTGET /rules/rule701050v1s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:20 UTC584INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:20 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 1362
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT
                                                                                                                                                                              ETag: "0x8DC582BEB256F43"
                                                                                                                                                                              x-ms-request-id: 4113dc96-c01e-008e-5a2a-277381000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165320Z-16849878b78tg5n42kspfr0x48000000089000000000n0hm
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              X-Cache-Info: L1_T2
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:20 UTC1362INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 6c 65 61 73 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRelease" S="Medium" /> <F T="2">


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              141192.168.2.44990513.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:20 UTC192OUTGET /rules/rule702751v1s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:20 UTC563INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:20 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 1403
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT
                                                                                                                                                                              ETag: "0x8DC582BEB866CDB"
                                                                                                                                                                              x-ms-request-id: 60449bdf-301e-005d-500b-26e448000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165320Z-16849878b78km6fmmkbenhx76n00000007r0000000005m5p
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:20 UTC1403INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              142192.168.2.44990613.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:20 UTC192OUTGET /rules/rule702750v1s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:20 UTC563INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:20 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 1366
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT
                                                                                                                                                                              ETag: "0x8DC582BE5B7B174"
                                                                                                                                                                              x-ms-request-id: cf3e7330-401e-0078-5ca6-264d34000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165320Z-16849878b785jrf8dn0d2rczaw00000009hg000000003t22
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:20 UTC1366INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 75 62 6c 69 73 68 65 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPublisher" S="Medium" /> <F T="2


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              143192.168.2.44990713.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:21 UTC192OUTGET /rules/rule702301v1s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:21 UTC563INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:21 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 1399
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:28:00 GMT
                                                                                                                                                                              ETag: "0x8DC582BE976026E"
                                                                                                                                                                              x-ms-request-id: f9013c52-001e-0079-5ef2-2412e8000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165321Z-15b8d89586f42m673h1quuee4s0000000cc000000000dzvd
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:21 UTC1399INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702301" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPr


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              144192.168.2.44990813.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:21 UTC192OUTGET /rules/rule702300v1s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:21 UTC563INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:21 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 1362
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT
                                                                                                                                                                              ETag: "0x8DC582BDC13EFEF"
                                                                                                                                                                              x-ms-request-id: a91e6534-e01e-0020-5f90-27de90000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165321Z-r197bdfb6b4hsj5bywyqk9r2xw00000009s000000000kqve
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:21 UTC1362INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 6a 65 63 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702300" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProject" S="Medium" /> <F T="2">


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              145192.168.2.44990913.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:21 UTC192OUTGET /rules/rule703401v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:21 UTC563INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:21 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 1425
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT
                                                                                                                                                                              ETag: "0x8DC582BE6BD89A1"
                                                                                                                                                                              x-ms-request-id: a453eede-301e-0033-02d5-26fa9c000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165321Z-17c5cb586f62bgw58esgbu9hgw0000000130000000003snv
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:21 UTC1425INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703401" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexus


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              146192.168.2.44991113.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:21 UTC192OUTGET /rules/rule702501v1s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:21 UTC563INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:21 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 1415
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:27:57 GMT
                                                                                                                                                                              ETag: "0x8DC582BE7C66E85"
                                                                                                                                                                              x-ms-request-id: ddb9aa53-101e-008d-17e8-2992e5000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165321Z-17c5cb586f6mkpfkkpsf1dpups00000003n000000000b0d5
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:21 UTC1415INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              147192.168.2.44991013.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:21 UTC192OUTGET /rules/rule703400v0s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:21 UTC563INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:21 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 1388
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT
                                                                                                                                                                              ETag: "0x8DC582BDBD9126E"
                                                                                                                                                                              x-ms-request-id: 2264d41c-e01e-000c-05b3-278e36000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165321Z-17c5cb586f6wmhkn5q6fu8c5ss00000007n000000000ku6d
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:21 UTC1388INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 53 3d 22 4d
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703400" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammableSurfaces" S="M


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              148192.168.2.44991313.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:22 UTC192OUTGET /rules/rule700501v1s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:22 UTC584INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:22 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 1405
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:27:58 GMT
                                                                                                                                                                              ETag: "0x8DC582BE89A8F82"
                                                                                                                                                                              x-ms-request-id: 622dd3a6-e01e-0003-140d-260fa8000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165322Z-16849878b78g2m84h2v9sta290000000073000000000z6qg
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache-Info: L1_T2
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:22 UTC1405INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 6f 77 65 72 50 6f 69 6e 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                              149192.168.2.44991213.107.246.64443
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-10-30 16:53:22 UTC192OUTGET /rules/rule702500v1s19.xml HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                              Host: otelrules.azureedge.net
                                                                                                                                                                              2024-10-30 16:53:22 UTC563INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Wed, 30 Oct 2024 16:53:22 GMT
                                                                                                                                                                              Content-Type: text/xml
                                                                                                                                                                              Content-Length: 1378
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                              Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT
                                                                                                                                                                              ETag: "0x8DC582BDB813B3F"
                                                                                                                                                                              x-ms-request-id: cc0127df-201e-0003-7bc7-27f85a000000
                                                                                                                                                                              x-ms-version: 2018-03-28
                                                                                                                                                                              x-azure-ref: 20241030T165322Z-17c5cb586f6mkpfkkpsf1dpups00000003rg000000000cd3
                                                                                                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                                                                                                              X-Cache: TCP_HIT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              2024-10-30 16:53:22 UTC1378INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammability" S="Medium" />


                                                                                                                                                                              Statistics

                                                                                                                                                                              CPU Usage

                                                                                                                                                                              Click to jump to process

                                                                                                                                                                              Memory Usage

                                                                                                                                                                              Click to jump to process

                                                                                                                                                                              High Level Behavior Distribution

                                                                                                                                                                              Click to dive into process behavior distribution

                                                                                                                                                                              Behavior

                                                                                                                                                                              Click to jump to process

                                                                                                                                                                              System Behavior

                                                                                                                                                                              General

                                                                                                                                                                              Target ID:0
                                                                                                                                                                              Start time:12:51:58
                                                                                                                                                                              Start date:30/10/2024
                                                                                                                                                                              Path:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:"C:\Users\user\Desktop\PCPrivacyShieldSetup.exe"
                                                                                                                                                                              Imagebase:0xbc0000
                                                                                                                                                                              File size:14'903'080 bytes
                                                                                                                                                                              MD5 hash:36E634C5CD1D301DF846DF0D28F0DB50
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              General

                                                                                                                                                                              Target ID:1
                                                                                                                                                                              Start time:12:52:02
                                                                                                                                                                              Start date:30/10/2024
                                                                                                                                                                              Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                              Commandline:C:\Windows\system32\msiexec.exe /V
                                                                                                                                                                              Imagebase:0x7ff66e820000
                                                                                                                                                                              File size:69'632 bytes
                                                                                                                                                                              MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:high
                                                                                                                                                                              Has exited:false

                                                                                                                                                                              General

                                                                                                                                                                              Target ID:2
                                                                                                                                                                              Start time:12:52:02
                                                                                                                                                                              Start date:30/10/2024
                                                                                                                                                                              Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 6D9D21CE130F74F78C1DEE127FBFAB9C C
                                                                                                                                                                              Imagebase:0x70000
                                                                                                                                                                              File size:59'904 bytes
                                                                                                                                                                              MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:high
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              General

                                                                                                                                                                              Target ID:3
                                                                                                                                                                              Start time:12:52:07
                                                                                                                                                                              Start date:30/10/2024
                                                                                                                                                                              Path:C:\Users\user\Desktop\PCPrivacyShieldSetup.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:"C:\Users\user\Desktop\PCPrivacyShieldSetup.exe" /i "C:\Users\user\AppData\Roaming\PC Privacy Shield\PC Privacy Shield 4.9.8\install\12F779E\PCPrivacyShield.msi" /L*v "C:\Users\user\AppData\Roaming\\PC Privacy Shield\PC Privacy Shield 4.9.8\install\installlog.txt" AI_EUIMSI=1 APPDIR="C:\Program Files (x86)\PC Privacy Shield" SHORTCUTDIR="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Privacy Shield" SECONDSEQUENCE="1" CLIENTPROCESSID="7256" AI_MORE_CMD_LINE=1
                                                                                                                                                                              Imagebase:0xbc0000
                                                                                                                                                                              File size:14'903'080 bytes
                                                                                                                                                                              MD5 hash:36E634C5CD1D301DF846DF0D28F0DB50
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              General

                                                                                                                                                                              Target ID:4
                                                                                                                                                                              Start time:12:52:08
                                                                                                                                                                              Start date:30/10/2024
                                                                                                                                                                              Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding F339063B2D7F5AA49C6D3BCEA32A4992
                                                                                                                                                                              Imagebase:0x70000
                                                                                                                                                                              File size:59'904 bytes
                                                                                                                                                                              MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:high
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              General

                                                                                                                                                                              Target ID:5
                                                                                                                                                                              Start time:12:52:10
                                                                                                                                                                              Start date:30/10/2024
                                                                                                                                                                              Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 1C300E307AD5246F63AB5C1721DD9590 E Global\MSI0000
                                                                                                                                                                              Imagebase:0x70000
                                                                                                                                                                              File size:59'904 bytes
                                                                                                                                                                              MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:high
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              General

                                                                                                                                                                              Target ID:7
                                                                                                                                                                              Start time:12:52:13
                                                                                                                                                                              Start date:30/10/2024
                                                                                                                                                                              Path:C:\Program Files (x86)\PC Privacy Shield\InstAct.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:"C:\Program Files (x86)\PC Privacy Shield\InstAct.exe" xtend
                                                                                                                                                                              Imagebase:0x740000
                                                                                                                                                                              File size:97'168 bytes
                                                                                                                                                                              MD5 hash:DC1153D77C40FE6977E0D4AC65866534
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Antivirus matches:
                                                                                                                                                                              • Detection: 3%, ReversingLabs
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              General

                                                                                                                                                                              Target ID:10
                                                                                                                                                                              Start time:12:52:15
                                                                                                                                                                              Start date:30/10/2024
                                                                                                                                                                              Path:C:\Program Files (x86)\PC Privacy Shield\InstAct.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:"C:\Program Files (x86)\PC Privacy Shield\InstAct.exe" removeOld
                                                                                                                                                                              Imagebase:0xd10000
                                                                                                                                                                              File size:97'168 bytes
                                                                                                                                                                              MD5 hash:DC1153D77C40FE6977E0D4AC65866534
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              General

                                                                                                                                                                              Target ID:11
                                                                                                                                                                              Start time:12:52:17
                                                                                                                                                                              Start date:30/10/2024
                                                                                                                                                                              Path:C:\Program Files (x86)\PC Privacy Shield\InstAct.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:"C:\Program Files (x86)\PC Privacy Shield\InstAct.exe" createini
                                                                                                                                                                              Imagebase:0x680000
                                                                                                                                                                              File size:97'168 bytes
                                                                                                                                                                              MD5 hash:DC1153D77C40FE6977E0D4AC65866534
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              General

                                                                                                                                                                              Target ID:14
                                                                                                                                                                              Start time:12:52:21
                                                                                                                                                                              Start date:30/10/2024
                                                                                                                                                                              Path:C:\Program Files (x86)\PC Privacy Shield\InstAct.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:"C:\Program Files (x86)\PC Privacy Shield\InstAct.exe" install
                                                                                                                                                                              Imagebase:0x9c0000
                                                                                                                                                                              File size:97'168 bytes
                                                                                                                                                                              MD5 hash:DC1153D77C40FE6977E0D4AC65866534
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              General

                                                                                                                                                                              Target ID:15
                                                                                                                                                                              Start time:12:52:21
                                                                                                                                                                              Start date:30/10/2024
                                                                                                                                                                              Path:C:\Program Files (x86)\PC Privacy Shield\InstAct.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:"C:\Program Files (x86)\PC Privacy Shield\InstAct.exe" installurl "C:\Users\user\Desktop\PCPrivacyShieldSetup.exe"
                                                                                                                                                                              Imagebase:0x2e0000
                                                                                                                                                                              File size:97'168 bytes
                                                                                                                                                                              MD5 hash:DC1153D77C40FE6977E0D4AC65866534
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              General

                                                                                                                                                                              Target ID:17
                                                                                                                                                                              Start time:12:52:22
                                                                                                                                                                              Start date:30/10/2024
                                                                                                                                                                              Path:C:\Program Files (x86)\PC Privacy Shield\InstAct.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:"C:\Program Files (x86)\PC Privacy Shield\InstAct.exe" skipuac
                                                                                                                                                                              Imagebase:0x480000
                                                                                                                                                                              File size:97'168 bytes
                                                                                                                                                                              MD5 hash:DC1153D77C40FE6977E0D4AC65866534
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              General

                                                                                                                                                                              Target ID:18
                                                                                                                                                                              Start time:12:52:22
                                                                                                                                                                              Start date:30/10/2024
                                                                                                                                                                              Path:C:\Program Files (x86)\PC Privacy Shield\InstAct.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:"C:\Program Files (x86)\PC Privacy Shield\InstAct.exe" popuptask
                                                                                                                                                                              Imagebase:0x520000
                                                                                                                                                                              File size:97'168 bytes
                                                                                                                                                                              MD5 hash:DC1153D77C40FE6977E0D4AC65866534
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              General

                                                                                                                                                                              Target ID:19
                                                                                                                                                                              Start time:12:52:24
                                                                                                                                                                              Start date:30/10/2024
                                                                                                                                                                              Path:C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:"C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe" startscan "C:\Users\user\Desktop\PCPrivacyShieldSetup.exe"
                                                                                                                                                                              Imagebase:0x480000
                                                                                                                                                                              File size:6'461'328 bytes
                                                                                                                                                                              MD5 hash:5B34516DF5AB905BD334E908683A8084
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Antivirus matches:
                                                                                                                                                                              • Detection: 21%, ReversingLabs
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Has exited:false

                                                                                                                                                                              General

                                                                                                                                                                              Target ID:20
                                                                                                                                                                              Start time:12:52:24
                                                                                                                                                                              Start date:30/10/2024
                                                                                                                                                                              Path:C:\Program Files (x86)\PC Privacy Shield\TaskTools.exe
                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                              Commandline:"C:\Program Files (x86)\PC Privacy Shield\TaskTools.exe" run_program
                                                                                                                                                                              Imagebase:0xd50000
                                                                                                                                                                              File size:183'184 bytes
                                                                                                                                                                              MD5 hash:13C119FDEB84F4E4A9386E48CBE7B1FD
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Antivirus matches:
                                                                                                                                                                              • Detection: 3%, ReversingLabs
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              General

                                                                                                                                                                              Target ID:21
                                                                                                                                                                              Start time:12:52:25
                                                                                                                                                                              Start date:30/10/2024
                                                                                                                                                                              Path:C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:"C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe" popup
                                                                                                                                                                              Imagebase:0x500000
                                                                                                                                                                              File size:6'461'328 bytes
                                                                                                                                                                              MD5 hash:5B34516DF5AB905BD334E908683A8084
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              General

                                                                                                                                                                              Target ID:23
                                                                                                                                                                              Start time:12:52:28
                                                                                                                                                                              Start date:30/10/2024
                                                                                                                                                                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" https://shieldapps.com/post-install/pc-privacy-shield-successful-installation/?lnT=PostInstall&ipA=173.254.250.78&mcA=2E65165C89BF&osN=Microsoft+Windows+10+Pro&osV=10.0.19045.0&lng=en&bdV=4.9.8&scR=&lcA=&lcE=
                                                                                                                                                                              Imagebase:0x7ff76e190000
                                                                                                                                                                              File size:3'242'272 bytes
                                                                                                                                                                              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:high
                                                                                                                                                                              Has exited:false

                                                                                                                                                                              General

                                                                                                                                                                              Target ID:24
                                                                                                                                                                              Start time:12:52:29
                                                                                                                                                                              Start date:30/10/2024
                                                                                                                                                                              Path:C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:"C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe"
                                                                                                                                                                              Imagebase:0xa90000
                                                                                                                                                                              File size:6'461'328 bytes
                                                                                                                                                                              MD5 hash:5B34516DF5AB905BD334E908683A8084
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              General

                                                                                                                                                                              Target ID:25
                                                                                                                                                                              Start time:12:52:32
                                                                                                                                                                              Start date:30/10/2024
                                                                                                                                                                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=2024,i,16932873091567761477,1262112429000342913,262144 /prefetch:8
                                                                                                                                                                              Imagebase:0x7ff76e190000
                                                                                                                                                                              File size:3'242'272 bytes
                                                                                                                                                                              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:high
                                                                                                                                                                              Has exited:false

                                                                                                                                                                              General

                                                                                                                                                                              Target ID:27
                                                                                                                                                                              Start time:12:52:53
                                                                                                                                                                              Start date:30/10/2024
                                                                                                                                                                              Path:C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:"C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe" minimized
                                                                                                                                                                              Imagebase:0x4c0000
                                                                                                                                                                              File size:6'461'328 bytes
                                                                                                                                                                              MD5 hash:5B34516DF5AB905BD334E908683A8084
                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              General

                                                                                                                                                                              Target ID:28
                                                                                                                                                                              Start time:12:53:01
                                                                                                                                                                              Start date:30/10/2024
                                                                                                                                                                              Path:C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:"C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe" minimized
                                                                                                                                                                              Imagebase:0xcd0000
                                                                                                                                                                              File size:6'461'328 bytes
                                                                                                                                                                              MD5 hash:5B34516DF5AB905BD334E908683A8084
                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              Disassembly

                                                                                                                                                                              Reset < >

                                                                                                                                                                                Execution Graph

                                                                                                                                                                                Execution Coverage:3.7%
                                                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                Signature Coverage:26.6%
                                                                                                                                                                                Total number of Nodes:1625
                                                                                                                                                                                Total number of Limit Nodes:72
                                                                                                                                                                                execution_graph 44459 d027f0 44539 bcab90 44459->44539 44462 d039de 44463 bca850 2 API calls 44462->44463 44464 bcab90 52 API calls 44465 d0286a 44464->44465 44465->44462 44466 d0296c 44465->44466 44630 cdbfa0 105 API calls _wcsrchr 44465->44630 44467 bcab90 52 API calls 44466->44467 44528 d029e3 std::ios_base::_Ios_base_dtor std::locale::_Setgloballocale 44467->44528 44469 d028a0 44631 be1a90 42 API calls 44469->44631 44471 d02906 44633 be1a90 42 API calls 44471->44633 44472 d035cb 44592 d21610 44472->44592 44473 d039c5 44766 bca850 44473->44766 44474 d028b0 44474->44471 44474->44473 44632 be1bb0 42 API calls 44474->44632 44477 d02915 44477->44473 44481 d02949 44477->44481 44491 d02935 44477->44491 44480 d03616 44483 d037ab 44480->44483 44489 d03672 CreateThread 44480->44489 44490 d0363d CreateEventW 44480->44490 44635 d03b20 105 API calls 44481->44635 44482 d039cf 44486 bca850 2 API calls 44482->44486 44484 d037cd CloseHandle 44483->44484 44519 d0370a 44483->44519 44484->44519 44492 d039d9 44486->44492 44488 d02957 44636 be11b0 44488->44636 44497 d036b2 WaitForSingleObject GetExitCodeThread 44489->44497 44498 d036ab 44489->44498 45085 d206d0 165 API calls 44489->45085 44494 d03653 44490->44494 44491->44481 44634 be1bb0 42 API calls 44491->44634 44770 d952ff 44492->44770 44494->44489 44495 d03813 44755 cc6ea0 13 API calls ___std_exception_destroy 44495->44755 44496 d03806 CloseHandle 44496->44495 44503 d036d1 44497->44503 44498->44497 44501 bcab90 52 API calls 44501->44528 44503->44483 44504 d03927 44505 d0393e 44504->44505 44756 d99d16 44504->44756 44759 d8fe6a 44505->44759 44508 d039bf 44509 d038f5 CloseHandle 44510 d03853 std::ios_base::_Ios_base_dtor 44509->44510 44510->44482 44510->44504 44510->44509 44511 cd1d50 124 API calls 44511->44528 44512 be1a90 42 API calls 44512->44528 44514 bc8190 41 API calls 44514->44528 44515 bca6d0 42 API calls 44515->44528 44517 bca380 42 API calls 44517->44528 44519->44495 44519->44496 44520 ccf600 41 API calls 44520->44528 44525 bc7690 41 API calls 44525->44528 44527 bc8810 40 API calls 44527->44528 44528->44462 44528->44472 44528->44482 44528->44492 44528->44501 44528->44511 44528->44512 44528->44514 44528->44515 44528->44517 44528->44519 44528->44520 44528->44525 44528->44527 44536 d03330 std::ios_base::_Ios_base_dtor std::locale::_Setgloballocale 44528->44536 44554 d8fea9 44528->44554 44561 cdbfa0 105 API calls _wcsrchr 44528->44561 44562 d204e0 CreateFileW 44528->44562 44567 cdcf10 44528->44567 44716 cced90 43 API calls 3 library calls 44528->44716 44717 ccea30 41 API calls 44528->44717 44718 ccf2d0 41 API calls std::_Locinfo::_Locinfo_ctor 44528->44718 44719 bca140 49 API calls 44528->44719 44720 cc3940 124 API calls 44528->44720 44731 cdaaa0 44528->44731 44529 d03361 FindFirstFileW 44530 d033b5 FindClose 44529->44530 44529->44536 44530->44536 44531 d204e0 3 API calls 44531->44536 44533 d03730 44537 bc8810 40 API calls 44533->44537 44536->44528 44536->44529 44536->44531 44536->44533 44721 bca380 44536->44721 44726 bca6d0 42 API calls 4 library calls 44536->44726 44727 bc8810 44536->44727 44537->44519 44540 bcabc8 44539->44540 44551 bcac1c 44539->44551 44775 d90372 EnterCriticalSection 44540->44775 44542 d90372 4 API calls 44545 bcac36 44542->44545 44544 bcabde GetProcessHeap 44779 d9022a 43 API calls 44544->44779 44553 bcaca7 44545->44553 44781 d9022a 43 API calls 44545->44781 44547 bcac0b 44780 d90328 EnterCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 44547->44780 44550 bcac96 44782 d90328 EnterCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 44550->44782 44551->44542 44551->44553 44553->44462 44553->44464 44555 d8feae std::_Locinfo::_Locinfo_ctor 44554->44555 44556 d8fec8 44555->44556 44558 d8feca std::_Facet_Register 44555->44558 44784 da54d3 EnterCriticalSection std::_Facet_Register 44555->44784 44556->44528 44785 d91bfa 44558->44785 44560 d90d10 44561->44528 44563 d2050d 44562->44563 44564 d20589 44563->44564 44565 bca850 2 API calls 44563->44565 44564->44528 44566 d205ba 44565->44566 44788 cdc960 44567->44788 44570 cdcf59 PathIsUNCW 44791 cdcb90 44570->44791 44571 cdcf45 44571->44528 44573 cdcf8e 44574 cdd121 44573->44574 44575 bca380 42 API calls 44573->44575 44576 bca850 2 API calls 44574->44576 44588 cdcfa5 44575->44588 44577 cdd12b CreateFileW 44576->44577 44578 cdd18c GetFileSize 44577->44578 44579 cdd19a 44577->44579 44578->44579 44580 cdd1b4 CloseHandle 44579->44580 44581 cdd1c2 44579->44581 44580->44581 44581->44528 44582 bca380 42 API calls 44582->44588 44584 cdd0a7 44584->44528 44585 be11b0 120 API calls 44586 cdd014 CreateDirectoryW 44585->44586 44587 cdd028 GetLastError 44586->44587 44586->44588 44587->44588 44588->44574 44588->44582 44588->44585 44589 cdaaa0 45 API calls 44588->44589 44590 cdd046 44588->44590 44591 be11b0 120 API calls 44588->44591 44589->44588 44867 cc6ea0 13 API calls ___std_exception_destroy 44590->44867 44591->44588 44593 d21676 CreateThread 44592->44593 44594 d21648 CreateEventW 44592->44594 44595 d2178c WaitForSingleObject GetExitCodeThread 44593->44595 44604 d216b2 44593->44604 45031 d21950 44593->45031 44596 d2165d 44594->44596 44597 d217c7 44595->44597 44598 d217b9 CloseHandle 44595->44598 44596->44593 44597->44480 44598->44597 44599 d217dd 44601 bca850 2 API calls 44599->44601 44600 d21770 44600->44595 44602 d217e7 44601->44602 44603 bcab90 52 API calls 44602->44603 44605 d21851 44603->44605 44604->44599 44604->44600 44606 d2193b 44605->44606 44607 d2185b 44605->44607 44608 bca850 2 API calls 44606->44608 44611 d21879 44607->44611 44613 d21887 44607->44613 44609 d21945 44608->44609 44610 d2195f WaitForSingleObject 44609->44610 44617 d21968 44609->44617 44610->44617 45008 bca140 49 API calls 44611->45008 44613->44613 45009 bca6d0 42 API calls 4 library calls 44613->45009 44615 d219eb 44618 bca850 2 API calls 44615->44618 44616 d21885 44619 cdcf10 151 API calls 44616->44619 44617->44615 44623 d2199c 44617->44623 44628 d219cb 44617->44628 45010 d01370 RtlAllocateHeap RaiseException 44617->45010 44622 d219f5 44618->44622 44620 d218c0 44619->44620 44959 d77900 44620->44959 45011 d21a20 WaitForSingleObject GetExitCodeThread TerminateThread CloseHandle 44622->45011 44623->44615 44623->44628 44980 d217f0 44623->44980 44627 d21a08 std::ios_base::_Ios_base_dtor 44627->44480 44628->44480 44629 d218ed 44629->44480 44630->44469 44631->44474 44632->44471 44633->44477 44634->44481 44635->44488 44643 be1241 std::_Locinfo::_Locinfo_ctor 44636->44643 44646 be11d6 ___crtCompareStringW std::locale::_Setgloballocale 44636->44646 44637 bca850 2 API calls 44638 be128c 44637->44638 44639 be12fb 44638->44639 44640 be12ee FindClose 44638->44640 45047 bca4a0 RtlAllocateHeap RaiseException 44639->45047 44640->44639 44642 be126f 44642->44466 44643->44637 44643->44642 44645 be1317 44648 bcab90 52 API calls 44645->44648 44646->44643 45045 d9540f 13 API calls __dosmaperr 44646->45045 44647 be125d 45046 d952ef 40 API calls __cftof 44647->45046 44653 be1329 44648->44653 44650 be16dc 44651 bca850 2 API calls 44650->44651 44652 be16e6 44651->44652 44654 bca380 42 API calls 44652->44654 44653->44650 44655 be1351 44653->44655 44658 be135f 44653->44658 44656 be172f 44654->44656 45048 bca140 49 API calls 44655->45048 44660 be192c 44656->44660 44662 be1950 44656->44662 44664 be1765 44656->44664 44658->44658 45049 bca6d0 42 API calls 4 library calls 44658->45049 44660->44466 44661 be135d 44663 be15cc 44661->44663 44666 be13a6 PathIsUNCW 44661->44666 44667 be14f5 FindFirstFileW 44661->44667 44665 bca850 2 API calls 44662->44665 44663->44466 44669 be1782 44664->44669 45058 be1bb0 42 API calls 44664->45058 44670 be195a 44665->44670 44671 be13bb 44666->44671 44672 be1485 44666->44672 44667->44663 44668 be150d GetFullPathNameW 44667->44668 44674 be1526 44668->44674 44715 be1661 ___crtCompareStringW 44668->44715 45059 be1b00 54 API calls 44669->45059 45050 bd4a70 54 API calls 4 library calls 44671->45050 45052 bd4a70 54 API calls 4 library calls 44672->45052 44677 be1541 GetFullPathNameW 44674->44677 44682 be155a ___crtCompareStringW 44677->44682 44679 be178d 44681 be11b0 112 API calls 44679->44681 44680 bca850 2 API calls 44680->44650 44683 be17a1 44681->44683 44686 be1606 44682->44686 44695 be158e 44682->44695 44682->44715 44683->44660 44684 be17d4 PathIsUNCW 44683->44684 44687 be17e8 44684->44687 44688 be18b7 44684->44688 44685 be13c3 44685->44667 44691 bd4e60 105 API calls 44685->44691 44697 be1618 _wcsrchr 44686->44697 45054 bca550 42 API calls 4 library calls 44686->45054 45060 bd4a70 54 API calls 4 library calls 44687->45060 45062 bd4a70 54 API calls 4 library calls 44688->45062 44696 be143e 44691->44696 44694 be15c4 SetLastError 44694->44663 44695->44694 44699 be15b7 FindClose 44695->44699 45051 be1a90 42 API calls 44696->45051 44698 be1638 _wcsrchr 44697->44698 45055 bca550 42 API calls 4 library calls 44697->45055 44704 be164b 44698->44704 44705 be1665 44698->44705 44699->44694 44702 be1451 44702->44667 44703 be1476 44702->44703 45053 be1960 42 API calls 3 library calls 44703->45053 44707 be16b3 44704->44707 44704->44715 45056 bca550 42 API calls 4 library calls 44704->45056 44705->44715 45057 bca550 42 API calls 4 library calls 44705->45057 44706 be17f0 44706->44660 44708 bd4e60 105 API calls 44706->44708 44707->44663 44709 be1871 44708->44709 45061 be1a90 42 API calls 44709->45061 44714 be1883 44714->44660 45063 be1960 42 API calls 3 library calls 44714->45063 44715->44680 44715->44707 44716->44528 44717->44528 44718->44528 44719->44528 44720->44528 44722 bca38b 44721->44722 45064 bca610 42 API calls 44722->45064 44724 bca43f 44725 bca380 42 API calls 44724->44725 44726->44536 44728 bc883d 44727->44728 44729 bc885e std::ios_base::_Ios_base_dtor 44727->44729 44728->44536 44728->44727 44728->44729 44730 d952ff std::_Throw_Cpp_error 40 API calls 44728->44730 44729->44536 44730->44728 44732 cdaada 44731->44732 44737 cdaaeb 44731->44737 44735 cdab7d 44732->44735 44732->44737 44733 cdab3b 44733->44528 44734 bca380 42 API calls 44734->44733 44736 bca850 2 API calls 44735->44736 44738 cdab87 44736->44738 44737->44733 44737->44734 44739 cdabf1 44738->44739 45074 da29b1 14 API calls 2 library calls 44738->45074 44739->44528 44755->44510 45075 da820d 44756->45075 44760 d8fe72 44759->44760 44761 d8fe73 IsProcessorFeaturePresent 44759->44761 44760->44508 44763 d90573 44761->44763 45082 d90536 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 44763->45082 44765 d90656 44765->44508 44767 bca85d 44766->44767 44768 d91bfa std::_Throw_Cpp_error RaiseException 44767->44768 44769 bca86a RtlAllocateHeap 44768->44769 44769->44482 45083 d9523b 40 API calls __cftof 44770->45083 44772 d9530e 45084 d9531c 11 API calls std::locale::_Setgloballocale 44772->45084 44774 d9531b 44777 d90386 44775->44777 44776 bcabd2 44776->44544 44776->44551 44777->44776 44783 d903fa SleepConditionVariableCS WaitForSingleObjectEx EnterCriticalSection 44777->44783 44779->44547 44780->44551 44781->44550 44782->44553 44783->44777 44784->44555 44786 d91c41 RaiseException 44785->44786 44787 d91c14 44785->44787 44786->44560 44787->44786 44868 cdc9a0 44788->44868 44792 bcab90 52 API calls 44791->44792 44793 cdcbc9 44792->44793 44794 cdceee 44793->44794 44798 bcab90 52 API calls 44793->44798 44795 bca850 2 API calls 44794->44795 44796 cdcef8 44795->44796 44797 bca850 2 API calls 44796->44797 44799 cdcf02 44797->44799 44800 cdcbea 44798->44800 44802 cdc960 10 API calls 44799->44802 44800->44794 44801 cdcbf2 44800->44801 44881 cdcae0 44801->44881 44803 cdcf41 44802->44803 44805 cdcf59 PathIsUNCW 44803->44805 44806 cdcf45 44803->44806 44807 cdcb90 138 API calls 44805->44807 44806->44573 44809 cdcf8e 44807->44809 44812 cdd121 44809->44812 44816 bca380 42 API calls 44809->44816 44810 cdcd19 44944 be1a90 42 API calls 44810->44944 44811 cdcc15 44813 cdccaa 44811->44813 44827 cdcc3b 44811->44827 44818 bca850 2 API calls 44812->44818 44817 bd4e60 105 API calls 44813->44817 44815 cdcd22 PathIsUNCW 44821 cdcd3c 44815->44821 44852 cdcfa5 44816->44852 44819 cdccc4 44817->44819 44820 cdd12b CreateFileW 44818->44820 44943 be1a90 42 API calls 44819->44943 44823 cdd18c GetFileSize 44820->44823 44824 cdd19a 44820->44824 44825 bd4e60 105 API calls 44821->44825 44823->44824 44828 cdd1b4 CloseHandle 44824->44828 44829 cdd1c2 44824->44829 44830 cdcd68 44825->44830 44826 cdccd7 44835 be11b0 120 API calls 44826->44835 44884 bd4e60 44827->44884 44828->44829 44829->44573 44834 be11b0 120 API calls 44830->44834 44831 bca380 42 API calls 44831->44852 44838 cdcd7a 44834->44838 44839 cdcca8 44835->44839 44836 cdcc55 44942 be1a90 42 API calls 44836->44942 44837 cdd0a7 44837->44573 44945 cd1ec0 55 API calls 6 library calls 44838->44945 44839->44815 44841 cdcc68 44843 be11b0 120 API calls 44841->44843 44843->44839 44844 cdcda6 44845 cdcdaf 44844->44845 44846 cdcdf8 44844->44846 44946 cbe930 54 API calls 2 library calls 44845->44946 44948 cbe930 54 API calls 2 library calls 44846->44948 44847 be11b0 120 API calls 44850 cdd014 CreateDirectoryW 44847->44850 44851 cdd028 GetLastError 44850->44851 44850->44852 44851->44852 44852->44812 44852->44831 44852->44847 44857 cdaaa0 45 API calls 44852->44857 44858 cdd046 44852->44858 44859 be11b0 120 API calls 44852->44859 44853 cdcdbb 44947 cdf770 108 API calls 44853->44947 44854 cdce1d 44949 cdf770 108 API calls 44854->44949 44857->44852 44951 cc6ea0 13 API calls ___std_exception_destroy 44858->44951 44859->44852 44860 cdce30 44861 cdaaa0 45 API calls 44860->44861 44865 cdce5d 44861->44865 44862 cdcdce 44862->44573 44863 cdce96 44950 cc6ea0 13 API calls ___std_exception_destroy 44863->44950 44865->44796 44865->44863 44866 cdaaa0 45 API calls 44865->44866 44866->44865 44867->44584 44872 cdc9e4 44868->44872 44879 cdc9dc 44868->44879 44869 d8fe6a _ValidateLocalCookies 5 API calls 44871 cdc988 44869->44871 44870 cdcad1 44873 bca850 2 API calls 44870->44873 44871->44570 44871->44571 44872->44870 44875 cdca14 std::locale::_Setgloballocale 44872->44875 44872->44879 44874 cdcadb 44873->44874 44876 cdca32 FindFirstFileW 44875->44876 44875->44879 44877 cdca7e GetLastError 44876->44877 44878 cdca61 44876->44878 44877->44878 44878->44879 44880 cdca9b FindClose 44878->44880 44879->44869 44880->44879 44882 bd4e60 105 API calls 44881->44882 44883 cdcb11 44882->44883 44883->44810 44883->44811 44885 bd4eb7 44884->44885 44886 bd4ff0 44884->44886 44888 bd4f09 44885->44888 44890 bd4ed9 44885->44890 44887 bca850 2 API calls 44886->44887 44889 bd4ffa 44887->44889 44893 bcab90 52 API calls 44888->44893 44902 bd4f1b 44888->44902 44954 bca610 42 API calls 44889->44954 44894 bca380 42 API calls 44890->44894 44892 bd4fff 44895 bca850 2 API calls 44892->44895 44893->44902 44896 bd4ee1 44894->44896 44897 bd5009 44895->44897 44896->44836 44898 bca850 2 API calls 44897->44898 44899 bd5013 44898->44899 44900 bd50dd GetWindowTextLengthW 44899->44900 44901 bd505a 44899->44901 44908 bd5104 std::_Locinfo::_Locinfo_ctor 44900->44908 44903 bd50bf GetWindowLongW 44901->44903 44904 bd5061 44901->44904 44902->44889 44902->44892 44902->44897 44906 bd4f43 44902->44906 44911 bd50cc 44903->44911 44907 bd52a7 NtdllDefWindowProc_W 44904->44907 44909 bd5082 GetWindowLongW 44904->44909 44906->44897 44914 bd4f83 std::locale::_Setgloballocale 44906->44914 44924 bd52f6 44907->44924 44916 bd515b SetWindowTextW 44908->44916 44917 bd52c9 44908->44917 44909->44907 44912 bd5098 GetWindowLongW SetWindowLongW NtdllDefWindowProc_W 44909->44912 44910 d8fe6a _ValidateLocalCookies 5 API calls 44913 bd531e 44910->44913 44911->44907 44912->44924 44913->44836 44915 bd4f9f std::_Locinfo::_Locinfo_ctor 44914->44915 44952 d9540f 13 API calls __dosmaperr 44914->44952 44915->44836 44918 bd5177 44916->44918 44919 bd517d 44916->44919 44920 d99d16 ___std_exception_destroy 13 API calls 44917->44920 44917->44924 44918->44919 44922 bd520b 44919->44922 44923 bd5193 GlobalAlloc 44919->44923 44920->44924 44922->44917 44958 bd5580 81 API calls 6 library calls 44922->44958 44923->44922 44926 bd51a3 GlobalLock 44923->44926 44924->44910 44925 bd4fc1 44953 d952ef 40 API calls __cftof 44925->44953 44934 bd51b8 std::locale::_Setgloballocale 44926->44934 44929 bd523e 44930 bd52b7 44929->44930 44936 bd5257 SetWindowLongW 44929->44936 44930->44917 44932 bd51db 44956 d952ef 40 API calls __cftof 44932->44956 44935 bd51bd std::_Locinfo::_Locinfo_ctor 44934->44935 44955 d9540f 13 API calls __dosmaperr 44934->44955 44957 bca0a0 RtlAllocateHeap RaiseException 44935->44957 44940 bd526b 44936->44940 44938 bd51f1 GlobalUnlock 44938->44922 44939 bd529a 44939->44911 44940->44939 44941 d99d16 ___std_exception_destroy 13 API calls 44940->44941 44941->44939 44942->44841 44943->44826 44944->44815 44945->44844 44946->44853 44947->44862 44948->44854 44949->44860 44950->44862 44951->44837 44952->44925 44953->44915 44954->44892 44955->44932 44956->44935 44957->44938 44958->44929 44960 d77c77 44959->44960 44978 d77971 44959->44978 44961 d8fe6a _ValidateLocalCookies 5 API calls 44960->44961 44962 d77ee7 44961->44962 44962->44629 44964 d77a73 44965 d77bed 44964->44965 44971 d77aae 44964->44971 44965->44960 44966 d8fea9 std::_Facet_Register 2 API calls 44965->44966 44968 d77bfd GetEnvironmentVariableW 44966->44968 44967 d7b7e0 RaiseException 44967->44971 45017 d76840 GetCurrentProcess GetProcessAffinityMask 44968->45017 44969 d77af9 CreateFileW 44969->44971 44972 d77b59 CloseHandle 44969->44972 44971->44964 44971->44967 44971->44969 44975 d77b94 CloseHandle 44971->44975 44972->44971 44974 d77b64 GetLastError 44972->44974 44974->44971 44975->44971 44977 d77a25 CreateDirectoryW 44977->44978 44978->44964 44978->44977 45012 d7b7e0 44978->45012 44979 d8fea9 std::_Facet_Register 2 API calls 44979->44960 44981 d21827 44980->44981 44982 bcab90 52 API calls 44981->44982 44983 d21851 44982->44983 44984 d2193b 44983->44984 44985 d2185b 44983->44985 44986 bca850 2 API calls 44984->44986 44989 d21879 44985->44989 44995 d21887 44985->44995 44987 d21945 44986->44987 44988 d2195f WaitForSingleObject 44987->44988 45001 d21968 44987->45001 44988->45001 45027 bca140 49 API calls 44989->45027 44992 d219eb 44996 bca850 2 API calls 44992->44996 44993 d21885 44997 cdcf10 151 API calls 44993->44997 44994 d2199c 44994->44992 45003 d217f0 168 API calls 44994->45003 45006 d219cb 44994->45006 45028 bca6d0 42 API calls 4 library calls 44995->45028 45000 d219f5 44996->45000 44998 d218c0 44997->44998 45004 d77900 20 API calls 44998->45004 45030 d21a20 WaitForSingleObject GetExitCodeThread TerminateThread CloseHandle 45000->45030 45001->44992 45001->44994 45001->45006 45029 d01370 RtlAllocateHeap RaiseException 45001->45029 45003->44994 45007 d218ed 45004->45007 45005 d21a08 std::ios_base::_Ios_base_dtor 45005->44623 45006->44623 45007->44623 45008->44616 45009->44616 45010->44617 45011->44627 45013 d7b807 45012->45013 45014 d7b871 std::_Locinfo::_Locinfo_ctor 45012->45014 45013->45014 45015 d91bfa std::_Throw_Cpp_error RaiseException 45013->45015 45014->44978 45016 d7b8aa 45015->45016 45018 d768f0 GetSystemInfo 45017->45018 45019 d7687e 45017->45019 45020 d768ff GetModuleHandleA GetProcAddress 45018->45020 45019->45018 45023 d76886 45019->45023 45021 d76955 GlobalMemoryStatusEx 45020->45021 45022 d7698e GlobalMemoryStatus 45020->45022 45021->45022 45024 d76960 45021->45024 45022->45024 45023->45020 45023->45023 45025 d8fe6a _ValidateLocalCookies 5 API calls 45024->45025 45026 d76aae 45025->45026 45026->44979 45027->44993 45028->44993 45029->45001 45030->45005 45032 d2195f WaitForSingleObject 45031->45032 45034 d21968 45031->45034 45032->45034 45033 d219eb 45035 bca850 2 API calls 45033->45035 45034->45033 45038 d2199c 45034->45038 45042 d219cb 45034->45042 45043 d01370 RtlAllocateHeap RaiseException 45034->45043 45037 d219f5 45035->45037 45044 d21a20 WaitForSingleObject GetExitCodeThread TerminateThread CloseHandle 45037->45044 45038->45033 45040 d217f0 169 API calls 45038->45040 45038->45042 45040->45038 45041 d21a08 std::ios_base::_Ios_base_dtor 45043->45034 45044->45041 45045->44647 45046->44643 45047->44645 45048->44661 45049->44661 45050->44685 45051->44702 45052->44702 45053->44667 45054->44697 45055->44698 45056->44715 45057->44715 45058->44669 45059->44679 45060->44706 45061->44714 45062->44714 45063->44660 45064->44724 45076 da8218 RtlFreeHeap 45075->45076 45077 d99d2e 45075->45077 45076->45077 45078 da822d GetLastError 45076->45078 45077->44505 45079 da823a __dosmaperr 45078->45079 45081 d9540f 13 API calls __dosmaperr 45079->45081 45081->45077 45082->44765 45083->44772 45084->44774 45086 d8d43d 45112 d8d19b 45086->45112 45088 d8d44d 45089 d8d4aa 45088->45089 45093 d8d4ce 45088->45093 45121 d8d3db 6 API calls 3 library calls 45089->45121 45091 d8d4b5 RaiseException 45092 d8d6a3 45091->45092 45094 d8d546 LoadLibraryExA 45093->45094 45096 d8d5a7 45093->45096 45099 d8d5b9 45093->45099 45108 d8d675 45093->45108 45095 d8d559 GetLastError 45094->45095 45094->45096 45097 d8d56c 45095->45097 45098 d8d582 45095->45098 45096->45099 45101 d8d5b2 FreeLibrary 45096->45101 45097->45096 45097->45098 45122 d8d3db 6 API calls 3 library calls 45098->45122 45100 d8d617 GetProcAddress 45099->45100 45099->45108 45103 d8d627 GetLastError 45100->45103 45100->45108 45101->45099 45104 d8d63a 45103->45104 45104->45108 45123 d8d3db 6 API calls 3 library calls 45104->45123 45106 d8d58d RaiseException 45106->45092 45124 d8d3db 6 API calls 3 library calls 45108->45124 45109 d8d65b RaiseException 45110 d8d19b DloadAcquireSectionWriteAccess 6 API calls 45109->45110 45111 d8d672 45110->45111 45111->45108 45113 d8d1cd 45112->45113 45114 d8d1a7 45112->45114 45113->45088 45125 d8d244 GetModuleHandleW GetProcAddress GetProcAddress DloadAcquireSectionWriteAccess 45114->45125 45116 d8d1ac 45117 d8d1c8 45116->45117 45126 d8d36d VirtualQuery GetSystemInfo VirtualProtect DloadProtectSection 45116->45126 45127 d8d1ce GetModuleHandleW GetProcAddress GetProcAddress 45117->45127 45120 d8d416 45120->45088 45121->45091 45122->45106 45123->45109 45124->45092 45125->45116 45126->45117 45127->45120 45128 c7f120 IsWindow 45129 c7f174 DestroyWindow 45128->45129 45130 c7f17d 45128->45130 45129->45130 45131 bc8810 40 API calls 45130->45131 45132 c7f193 45131->45132 45147 bf9f10 40 API calls 2 library calls 45132->45147 45134 c7f1ac 45135 bc8810 40 API calls 45134->45135 45136 c7f1b8 45135->45136 45137 bc8810 40 API calls 45136->45137 45138 c7f1c4 45137->45138 45139 bc8810 40 API calls 45138->45139 45140 c7f1d0 45139->45140 45141 bc8810 40 API calls 45140->45141 45142 c7f1db 45141->45142 45148 c340a0 52 API calls 45142->45148 45144 c7f1e7 45145 c7f213 45144->45145 45149 d8fabf 10 API calls 45144->45149 45147->45134 45148->45144 45149->45145 45150 d8fa13 GetProcessHeap HeapAlloc 45151 d8fa2b 45150->45151 45152 d8fa2f 45150->45152 45160 d8f7a5 45152->45160 45154 d8fa3a 45155 d8fa56 45154->45155 45157 d8fa4a 45154->45157 45174 d8f8b1 15 API calls std::locale::_Setgloballocale 45155->45174 45158 d8fa63 GetProcessHeap HeapFree 45157->45158 45159 d8fa74 45157->45159 45158->45151 45161 d8f7bf LoadLibraryExA 45160->45161 45162 d8f7b2 DecodePointer 45160->45162 45163 d8f7d8 45161->45163 45164 d8f850 45161->45164 45162->45154 45175 d8f855 GetProcAddress EncodePointer 45163->45175 45164->45154 45166 d8f7e8 45166->45164 45176 d8f855 GetProcAddress EncodePointer 45166->45176 45168 d8f7ff 45168->45164 45177 d8f855 GetProcAddress EncodePointer 45168->45177 45170 d8f816 45170->45164 45178 d8f855 GetProcAddress EncodePointer 45170->45178 45172 d8f82d 45172->45164 45173 d8f834 DecodePointer 45172->45173 45173->45164 45174->45157 45175->45166 45176->45168 45177->45170 45178->45172 45179 bc9590 45180 bc95a8 45179->45180 45181 bc959a CloseHandle 45179->45181 45181->45180 45182 cc4260 45183 cc44c7 45182->45183 45185 cc42ac 45182->45185 45184 d8fe6a _ValidateLocalCookies 5 API calls 45183->45184 45186 cc4549 45184->45186 45187 bcab90 52 API calls 45185->45187 45188 cc42d6 45187->45188 45189 cc454d 45188->45189 45190 cc42e0 45188->45190 45191 bca850 2 API calls 45189->45191 45193 cc42fb 45190->45193 45195 cc4309 45190->45195 45192 cc4557 45191->45192 45267 bca140 49 API calls 45193->45267 45195->45195 45268 bca6d0 42 API calls 4 library calls 45195->45268 45197 cc4307 45198 bc8810 40 API calls 45197->45198 45199 cc4339 CreateFileW 45198->45199 45200 cc4389 45199->45200 45201 cc436b CloseHandle 45199->45201 45213 bfd4d0 56 API calls 45200->45213 45201->45183 45203 cc4392 45214 cc4560 45203->45214 45205 cc43a5 WriteFile 45206 cc43d5 45205->45206 45207 cc440d CloseHandle 45206->45207 45208 cc441b 45206->45208 45207->45208 45269 cdbfa0 105 API calls _wcsrchr 45208->45269 45210 cc4426 45211 cc4447 ShellExecuteExW 45210->45211 45212 cc4430 45210->45212 45211->45212 45212->45183 45213->45203 45215 bcab90 52 API calls 45214->45215 45216 cc459a 45215->45216 45217 cc461e 45216->45217 45218 cc45a0 45216->45218 45219 bca850 2 API calls 45217->45219 45221 cc45ce 45218->45221 45222 cc45eb 45218->45222 45220 cc4628 45219->45220 45226 cdc960 10 API calls 45220->45226 45328 cc6300 54 API calls 45221->45328 45329 cc6300 54 API calls 45222->45329 45225 cc45e6 45225->45205 45227 cc4680 45226->45227 45228 bca380 42 API calls 45227->45228 45229 cc468e 45228->45229 45230 cc46f0 45229->45230 45270 cc4b90 45229->45270 45232 cc4710 GetModuleHandleW 45230->45232 45235 cc477c 45232->45235 45236 cc4744 45232->45236 45233 cc46a9 45299 be1a90 42 API calls 45233->45299 45240 cc47d4 45235->45240 45243 d90372 4 API calls 45235->45243 45238 d90372 4 API calls 45236->45238 45237 cc46b6 MoveFileW 45242 cdc960 10 API calls 45237->45242 45241 cc474e 45238->45241 45250 d90372 4 API calls 45240->45250 45260 cc482c 45240->45260 45241->45235 45244 cc475a GetProcAddress 45241->45244 45245 cc46e8 45242->45245 45246 cc47a6 45243->45246 45330 d90328 EnterCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 45244->45330 45245->45230 45248 cc4a71 45245->45248 45246->45240 45249 cc47b2 GetProcAddress 45246->45249 45325 d9b6e4 45248->45325 45331 d90328 EnterCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 45249->45331 45252 cc47fe 45250->45252 45251 cc4779 45251->45235 45255 cc480a GetProcAddress 45252->45255 45252->45260 45332 d90328 EnterCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 45255->45332 45258 cc47d1 45258->45240 45262 cc4a05 45260->45262 45300 c9a630 GetSystemDirectoryW 45260->45300 45261 cc4829 45261->45260 45333 cc5f60 11 API calls 45262->45333 45264 cc4a11 45265 d8fe6a _ValidateLocalCookies 5 API calls 45264->45265 45266 cc4a69 45265->45266 45266->45205 45267->45197 45268->45197 45269->45210 45271 cc4bd0 45270->45271 45272 bcab90 52 API calls 45271->45272 45283 cc4be8 45272->45283 45273 cc4cdd 45274 bca850 2 API calls 45273->45274 45275 cc4ce7 FreeLibrary EnterCriticalSection 45274->45275 45276 cc4d56 45275->45276 45281 cc4d7c std::ios_base::_Ios_base_dtor 45275->45281 45277 cc4d6c 45276->45277 45278 cc4d5c DestroyWindow 45276->45278 45277->45281 45284 d99d16 ___std_exception_destroy 13 API calls 45277->45284 45278->45277 45280 cdc960 10 API calls 45280->45283 45282 cc4dcd 45281->45282 45285 d99d16 ___std_exception_destroy 13 API calls 45281->45285 45292 cc4de3 std::ios_base::_Ios_base_dtor 45281->45292 45287 d99d16 ___std_exception_destroy 13 API calls 45282->45287 45282->45292 45283->45273 45283->45280 45286 cc4c5a 45283->45286 45290 bcab90 52 API calls 45283->45290 45340 bc9bb0 73 API calls 45283->45340 45284->45281 45285->45282 45289 cc4ca2 45286->45289 45293 cc4c78 45286->45293 45298 cc4c7f 45286->45298 45287->45292 45341 bca6d0 42 API calls 4 library calls 45289->45341 45290->45283 45334 cc70e0 45292->45334 45297 bca380 42 API calls 45293->45297 45295 cc4e79 45295->45233 45296 cc4e73 CoUninitialize 45296->45295 45297->45298 45298->45233 45299->45237 45301 c9a73b 45300->45301 45302 c9a67f 45300->45302 45303 d8fe6a _ValidateLocalCookies 5 API calls 45301->45303 45302->45301 45304 bcab90 52 API calls 45302->45304 45305 c9a78b 45303->45305 45306 c9a68f 45304->45306 45305->45260 45307 c9a699 45306->45307 45308 c9a793 45306->45308 45311 c9a6b5 45307->45311 45315 c9a6c3 45307->45315 45309 bca850 2 API calls 45308->45309 45310 c9a79d 45309->45310 45312 d8fea9 std::_Facet_Register 2 API calls 45310->45312 45355 bca140 49 API calls 45311->45355 45314 c9a8f2 45312->45314 45343 bde010 45314->45343 45315->45315 45356 bca6d0 42 API calls 4 library calls 45315->45356 45316 c9a6c1 45320 be11b0 120 API calls 45316->45320 45318 c9a93a GetSysColor 45318->45260 45322 c9a702 45320->45322 45321 be11b0 120 API calls 45323 c9a729 45321->45323 45322->45321 45323->45301 45324 c9a73f LoadLibraryExW 45323->45324 45324->45301 45358 d9b4cc 45325->45358 45328->45225 45329->45225 45330->45251 45331->45258 45332->45261 45333->45264 45335 cc4e67 45334->45335 45336 cc7111 45334->45336 45335->45295 45335->45296 45336->45334 45339 cc7127 std::ios_base::_Ios_base_dtor 45336->45339 45342 bd8f60 RaiseException 45336->45342 45337 cc716c DeleteCriticalSection 45337->45335 45339->45337 45340->45283 45341->45298 45342->45336 45345 bde02d 45343->45345 45353 bde0a7 std::ios_base::_Ios_base_dtor 45343->45353 45344 bde0ed 45357 bc86e0 41 API calls 2 library calls 45344->45357 45345->45344 45347 bde06b 45345->45347 45348 bde044 45345->45348 45351 d8fea9 std::_Facet_Register 2 API calls 45347->45351 45352 bde055 45347->45352 45348->45344 45350 d8fea9 std::_Facet_Register 2 API calls 45348->45350 45349 bde0f2 45350->45352 45351->45352 45352->45353 45354 d952ff std::_Throw_Cpp_error 40 API calls 45352->45354 45353->45318 45354->45344 45355->45316 45356->45316 45357->45349 45359 d9b4f9 45358->45359 45360 d9b50b 45358->45360 45383 d9b594 GetModuleHandleW 45359->45383 45370 d9b375 45360->45370 45363 d9b4fe 45363->45360 45384 d9b5f9 GetModuleHandleExW 45363->45384 45364 d9b542 45365 cc4a7b 45364->45365 45376 d9b563 45364->45376 45369 d9b55d 45371 d9b381 std::locale::_Setgloballocale 45370->45371 45390 da38b3 EnterCriticalSection 45371->45390 45373 d9b38b 45391 d9b3e1 45373->45391 45375 d9b398 std::locale::_Setgloballocale 45375->45364 45410 d9b5d7 45376->45410 45379 d9b581 45381 d9b5f9 std::locale::_Setgloballocale 3 API calls 45379->45381 45380 d9b571 GetCurrentProcess TerminateProcess 45380->45379 45382 d9b589 ExitProcess 45381->45382 45383->45363 45385 d9b659 45384->45385 45386 d9b638 GetProcAddress 45384->45386 45387 d9b50a 45385->45387 45388 d9b65f FreeLibrary 45385->45388 45386->45385 45389 d9b64c 45386->45389 45387->45360 45388->45387 45389->45385 45390->45373 45393 d9b3ed std::locale::_Setgloballocale 45391->45393 45392 d9b454 std::locale::_Setgloballocale 45392->45375 45393->45392 45395 da5f5b 45393->45395 45396 da5f67 __EH_prolog3 45395->45396 45399 da5cb3 45396->45399 45398 da5f8e std::locale::_Init 45398->45392 45400 da5cbf std::locale::_Setgloballocale 45399->45400 45405 da38b3 EnterCriticalSection 45400->45405 45402 da5ccd 45406 da5e6b 45402->45406 45404 da5cda std::locale::_Setgloballocale 45404->45398 45405->45402 45407 da5e8a 45406->45407 45408 da5e82 45406->45408 45407->45408 45409 da820d ___free_lconv_mon 13 API calls 45407->45409 45408->45404 45409->45408 45415 daa11f 6 API calls std::locale::_Setgloballocale 45410->45415 45412 d9b5dc 45413 d9b5e1 GetPEB 45412->45413 45414 d9b56d 45412->45414 45413->45414 45414->45379 45414->45380 45415->45412 45416 cdd1e0 45417 cdcae0 105 API calls 45416->45417 45418 cdd224 45417->45418 45419 bcab90 52 API calls 45418->45419 45423 cdd230 45419->45423 45420 cdd34b 45421 bca850 2 API calls 45420->45421 45422 cdd355 45421->45422 45424 bcab90 52 API calls 45422->45424 45423->45420 45425 cdd257 45423->45425 45429 cdd264 45423->45429 45426 cdd38f 45424->45426 45466 bca140 49 API calls 45425->45466 45430 cdd48e 45426->45430 45469 cdd5c0 RtlAllocateHeap GetEnvironmentVariableW GetEnvironmentVariableW RaiseException ___crtCompareStringW 45426->45469 45429->45429 45467 bca6d0 42 API calls 4 library calls 45429->45467 45432 bca850 2 API calls 45430->45432 45431 cdd28c PathIsUNCW 45439 cdd2ac 45431->45439 45434 cdd498 45432->45434 45433 cdd262 45433->45431 45437 bca850 2 API calls 45434->45437 45435 cdd324 45441 cdd4a2 SHGetSpecialFolderPathW 45437->45441 45438 cdd311 45438->45435 45442 bca850 2 API calls 45438->45442 45439->45435 45439->45438 45468 bca550 42 API calls 4 library calls 45439->45468 45440 cdd3b8 45446 bca380 42 API calls 45440->45446 45458 cdd3bf 45440->45458 45443 cdd50a 45441->45443 45444 cdd564 45441->45444 45442->45420 45448 bcab90 52 API calls 45443->45448 45447 bcab90 52 API calls 45444->45447 45455 cdd3d0 45446->45455 45450 cdd569 45447->45450 45449 cdd50f 45448->45449 45451 cdd519 45449->45451 45452 cdd5aa 45449->45452 45450->45452 45464 cdd53f 45450->45464 45459 cdd534 45451->45459 45460 cdd541 45451->45460 45454 bca850 2 API calls 45452->45454 45453 cdd42c 45470 d9b23a 42 API calls 2 library calls 45453->45470 45457 cdd5b4 45454->45457 45455->45430 45455->45434 45455->45453 45471 bca140 49 API calls 45459->45471 45472 bca6d0 42 API calls 4 library calls 45460->45472 45461 d8fe6a _ValidateLocalCookies 5 API calls 45463 cdd5a2 45461->45463 45464->45461 45466->45433 45467->45431 45468->45438 45469->45440 45470->45458 45471->45464 45472->45464 45473 bd21d0 45474 bd2244 45473->45474 45476 bd2207 std::ios_base::_Ios_base_dtor 45473->45476 45475 bc8810 40 API calls 45475->45476 45476->45474 45476->45475 45477 cdb960 45521 cda0b0 41 API calls 45477->45521 45479 cdb99f 45522 bf15f0 41 API calls 45479->45522 45481 cdb9b7 45523 bc9c70 41 API calls 45481->45523 45483 cdb9cd 45484 bc8810 40 API calls 45483->45484 45485 cdb9df 45484->45485 45487 cdbc48 45485->45487 45490 cdba19 std::ios_base::_Ios_base_dtor std::locale::_Setgloballocale 45485->45490 45486 cdbaa2 45488 cdbac9 45486->45488 45491 cdbaaf 45486->45491 45492 d952ff std::_Throw_Cpp_error 40 API calls 45487->45492 45524 ce4b10 45488->45524 45490->45486 45554 bd89f0 53 API calls 45490->45554 45556 ce62f0 95 API calls 5 library calls 45491->45556 45493 cdbc4d 45492->45493 45497 d952ff std::_Throw_Cpp_error 40 API calls 45493->45497 45494 cdbada 45557 bc8190 41 API calls 2 library calls 45494->45557 45501 cdbc52 45497->45501 45499 cdba73 45555 bc8060 41 API calls std::_Locinfo::_Locinfo_ctor 45499->45555 45500 cdbac6 45500->45488 45560 bc8190 41 API calls 2 library calls 45501->45560 45502 cdbb11 45558 cda0b0 41 API calls 45502->45558 45505 cdbcb9 45561 d91ad5 45505->45561 45506 cdbb25 45559 ce29a0 59 API calls 5 library calls 45506->45559 45512 cdbbdf std::ios_base::_Ios_base_dtor 45515 bc8810 40 API calls 45512->45515 45513 cdbcdb 45514 cdbb45 std::ios_base::_Ios_base_dtor 45514->45493 45514->45512 45516 cdbc15 45515->45516 45517 bc8810 40 API calls 45516->45517 45518 cdbc27 45517->45518 45519 d8fe6a _ValidateLocalCookies 5 API calls 45518->45519 45520 cdbc42 45519->45520 45521->45479 45522->45481 45523->45483 45576 bc8700 45524->45576 45526 ce4bb9 std::locale::_Setgloballocale 45527 ce4bea LoadStringW 45526->45527 45528 ce4c19 45527->45528 45534 ce4c43 std::locale::_Setgloballocale 45527->45534 45591 bc8190 41 API calls 2 library calls 45528->45591 45530 ce4c98 LoadStringW 45532 ce4caf 45530->45532 45530->45534 45531 ce4c3a 45536 bc8810 40 API calls 45531->45536 45537 ce4ce5 std::ios_base::_Ios_base_dtor 45531->45537 45593 bc8190 41 API calls 2 library calls 45532->45593 45534->45530 45592 ce4e80 42 API calls 2 library calls 45534->45592 45536->45537 45538 ce4d87 std::ios_base::_Ios_base_dtor 45537->45538 45539 ce4dc6 45537->45539 45540 d8fe6a _ValidateLocalCookies 5 API calls 45538->45540 45541 d952ff std::_Throw_Cpp_error 40 API calls 45539->45541 45542 ce4dbf 45540->45542 45544 ce4dcb 45541->45544 45542->45494 45543 ce4e6e 45547 bca850 2 API calls 45543->45547 45544->45543 45545 ce4e09 45544->45545 45546 ce4e51 SysAllocStringLen 45544->45546 45548 ce4e0e CLSIDFromString SysFreeString 45545->45548 45546->45548 45549 ce4e64 45546->45549 45550 ce4e78 45547->45550 45551 d8fe6a _ValidateLocalCookies 5 API calls 45548->45551 45552 bca850 2 API calls 45549->45552 45553 ce4e4d 45551->45553 45552->45543 45553->45494 45554->45499 45555->45486 45556->45500 45557->45502 45558->45506 45559->45514 45560->45505 45595 d91ae3 45561->45595 45563 d91ada 45564 cdbccc 45563->45564 45613 da950e EnterCriticalSection std::locale::_Setgloballocale 45563->45613 45575 ce62f0 95 API calls 5 library calls 45564->45575 45566 d99990 45567 d9999b 45566->45567 45614 da9553 40 API calls 6 library calls 45566->45614 45569 d999a5 IsProcessorFeaturePresent 45567->45569 45570 d999c4 45567->45570 45571 d999b1 45569->45571 45616 d9b6a8 22 API calls std::locale::_Setgloballocale 45570->45616 45615 d950f3 8 API calls 2 library calls 45571->45615 45574 d999ce 45575->45513 45577 bc874b 45576->45577 45578 bc870b 45576->45578 45594 bc86e0 41 API calls 2 library calls 45577->45594 45580 bc8714 45578->45580 45581 bc8736 45578->45581 45580->45577 45582 bc871b 45580->45582 45583 bc8746 45581->45583 45586 d8fea9 std::_Facet_Register 2 API calls 45581->45586 45585 d8fea9 std::_Facet_Register 2 API calls 45582->45585 45583->45526 45584 d952ff std::_Throw_Cpp_error 40 API calls 45587 bc8755 45584->45587 45588 bc8721 45585->45588 45589 bc8740 45586->45589 45588->45584 45590 bc872a 45588->45590 45589->45526 45590->45526 45591->45531 45592->45534 45593->45531 45594->45588 45596 d91aec 45595->45596 45597 d91aef GetLastError 45595->45597 45596->45563 45617 d94ccd 6 API calls ___vcrt_FlsSetValue 45597->45617 45599 d91b04 45600 d91b23 45599->45600 45601 d91b69 SetLastError 45599->45601 45618 d94d08 6 API calls ___vcrt_FlsSetValue 45599->45618 45600->45601 45601->45563 45603 d91b1d 45603->45600 45604 d91b27 45603->45604 45619 da29b1 14 API calls 2 library calls 45604->45619 45613->45566 45614->45567 45615->45570 45616->45574 45617->45599 45618->45603 45620 ce1da0 45621 ce1e1b 45620->45621 45622 ce1dd7 45620->45622 45623 d90372 4 API calls 45622->45623 45624 ce1de1 45623->45624 45624->45621 45626 d90328 EnterCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 45624->45626 45626->45621 45627 d01140 45628 d011a0 45627->45628 45629 bca380 42 API calls 45628->45629 45630 d011a8 45629->45630 45631 bca380 42 API calls 45630->45631 45633 d011c7 45631->45633 45632 d01267 45635 be11b0 120 API calls 45632->45635 45633->45632 45634 d0128d 45633->45634 45637 bca850 2 API calls 45634->45637 45636 d01277 45635->45636 45638 d01297 45637->45638 45643 d01f00 45638->45643 45640 d012af 45641 d012e3 45640->45641 45661 d023d0 45640->45661 45644 d01f4b SetFilePointer 45643->45644 45645 d01fed 45643->45645 45644->45645 45646 d02001 45644->45646 45645->45640 45647 bcab90 52 API calls 45646->45647 45648 d02021 45647->45648 45649 d0233f 45648->45649 45652 d0205f ReadFile 45648->45652 45655 d02205 45648->45655 45650 bca850 2 API calls 45649->45650 45651 d02349 45650->45651 45653 bca850 2 API calls 45651->45653 45654 d022c1 GetLastError 45652->45654 45652->45655 45656 d02353 45653->45656 45688 cdfda0 75 API calls 45654->45688 45655->45640 45656->45640 45658 d022de 45659 cdcae0 105 API calls 45658->45659 45660 d022f8 45659->45660 45660->45649 45662 d0240b SetFilePointer 45661->45662 45666 d0268c 45661->45666 45663 d02436 GetLastError 45662->45663 45664 d024ba 45662->45664 45689 cdfda0 75 API calls 45663->45689 45665 d024e0 ReadFile 45664->45665 45664->45666 45668 d02763 GetLastError 45665->45668 45680 d02502 45665->45680 45666->45641 45692 cdfda0 75 API calls 45668->45692 45669 d02450 45671 cdcae0 105 API calls 45669->45671 45676 d02468 45671->45676 45672 d02780 45674 cdcae0 105 API calls 45672->45674 45673 bcab90 52 API calls 45673->45680 45679 d026eb 45674->45679 45675 d027d9 45677 bca850 2 API calls 45675->45677 45676->45641 45678 d027e3 45677->45678 45679->45666 45680->45665 45680->45666 45680->45668 45680->45673 45680->45675 45680->45679 45681 d02562 ReadFile 45680->45681 45682 d026b9 GetLastError 45680->45682 45687 bca380 42 API calls 45680->45687 45690 bca6d0 42 API calls 4 library calls 45680->45690 45681->45680 45681->45682 45691 cdfda0 75 API calls 45682->45691 45684 d026d6 45685 cdcae0 105 API calls 45684->45685 45685->45679 45687->45680 45688->45658 45689->45669 45690->45680 45691->45684 45692->45672 45693 c16e70 45694 c16ed1 45693->45694 45702 c16f08 45693->45702 45695 c16edc 45694->45695 45696 c16f8e 45694->45696 45697 c16f13 45695->45697 45698 c16eea 45695->45698 45821 bc7b70 41 API calls std::_Throw_Cpp_error 45696->45821 45697->45702 45705 d8fea9 std::_Facet_Register 2 API calls 45697->45705 45700 c16f93 45698->45700 45701 c16ef5 45698->45701 45822 bc86e0 41 API calls 2 library calls 45700->45822 45704 d8fea9 std::_Facet_Register 2 API calls 45701->45704 45706 c16efb 45704->45706 45705->45702 45706->45702 45707 d952ff std::_Throw_Cpp_error 40 API calls 45706->45707 45708 c16f9d 45707->45708 45711 c17126 45708->45711 45823 bc7df0 41 API calls std::_Throw_Cpp_error 45708->45823 45709 c171f3 45734 c173a8 45709->45734 45833 c70280 47 API calls _ValidateLocalCookies 45709->45833 45711->45709 45794 ce0330 45711->45794 45713 c1720a 45834 c298b0 InterlockedPushEntrySList InterlockedPushEntrySList 45713->45834 45714 c17019 45824 c8c680 41 API calls 45714->45824 45718 c1702a 45825 bc7cb0 40 API calls 45718->45825 45722 c17037 45725 bc8810 40 API calls 45722->45725 45723 c1740d 45838 c21d40 41 API calls 45723->45838 45724 bc8810 40 API calls 45726 c171c8 45724->45726 45727 c1704b 45725->45727 45728 c171e0 45726->45728 45832 bd2a10 41 API calls 45726->45832 45729 bc8810 40 API calls 45727->45729 45732 bc8810 40 API calls 45728->45732 45737 c17057 45729->45737 45732->45709 45733 c17438 45839 c21d40 41 API calls 45733->45839 45793 c176cb 45734->45793 45837 c21d40 41 API calls 45734->45837 45736 c17463 45840 c21d40 41 API calls 45736->45840 45737->45711 45738 c170c9 45737->45738 45826 bc7df0 41 API calls std::_Throw_Cpp_error 45737->45826 45738->45711 45829 bc7df0 41 API calls std::_Throw_Cpp_error 45738->45829 45739 bc8810 40 API calls 45740 c17796 45739->45740 45743 bc8810 40 API calls 45740->45743 45741 c17215 45741->45734 45835 bc9610 41 API calls 45741->45835 45747 c177aa 45743->45747 45745 c1748e 45841 c21d40 41 API calls 45745->45841 45850 c09410 44 API calls _ValidateLocalCookies 45747->45850 45748 c1708b 45827 c8c680 41 API calls 45748->45827 45749 c170e8 45830 c8c680 41 API calls 45749->45830 45754 c1709c 45828 bc7cb0 40 API calls 45754->45828 45757 c170f9 45831 bc7cb0 40 API calls 45757->45831 45758 c177cd 45762 d8fe6a _ValidateLocalCookies 5 API calls 45758->45762 45759 c170a9 45764 bc8810 40 API calls 45759->45764 45760 c174b9 45842 c21d40 41 API calls 45760->45842 45763 c177e5 45762->45763 45767 c170bd 45764->45767 45765 c17325 45836 c0efe0 54 API calls 2 library calls 45765->45836 45766 c17106 45768 bc8810 40 API calls 45766->45768 45770 bc8810 40 API calls 45767->45770 45769 c1711a 45768->45769 45773 bc8810 40 API calls 45769->45773 45770->45738 45773->45711 45774 c17359 45776 bc8810 40 API calls 45774->45776 45775 c174e4 45843 c21d40 41 API calls 45775->45843 45776->45734 45778 c1750e 45844 c18360 44 API calls 2 library calls 45778->45844 45780 c1755b 45781 bc8810 40 API calls 45780->45781 45791 c17583 45781->45791 45782 c1768b 45848 bf0dd0 40 API calls 2 library calls 45782->45848 45785 c17697 45849 bc7cb0 40 API calls 45785->45849 45788 c176bc 45789 bc8810 40 API calls 45788->45789 45789->45793 45791->45782 45792 bc8810 40 API calls 45791->45792 45845 c181d0 41 API calls 45791->45845 45846 ccfee0 41 API calls 45791->45846 45847 bc7cb0 40 API calls 45791->45847 45792->45791 45793->45739 45795 ce0389 45794->45795 45796 ce03a6 CreateFileW 45795->45796 45797 ce03a4 45795->45797 45798 ce03e6 45796->45798 45806 ce03da std::ios_base::_Ios_base_dtor 45796->45806 45797->45796 45851 ce0790 45798->45851 45800 ce0729 CloseHandle 45801 ce0737 45800->45801 45803 d8fe6a _ValidateLocalCookies 5 API calls 45801->45803 45802 ce040d ReadFile 45808 ce0441 45802->45808 45815 ce0435 std::ios_base::_Ios_base_dtor 45802->45815 45804 c171b0 45803->45804 45804->45724 45805 ce0478 SetFilePointer GetFileSize 45812 ce04a2 45805->45812 45805->45815 45806->45800 45806->45801 45807 ce0780 45809 d952ff std::_Throw_Cpp_error 40 API calls 45807->45809 45808->45805 45808->45815 45819 ce0507 std::locale::_Setgloballocale 45808->45819 45810 ce0785 45809->45810 45811 ce04e5 ReadFile 45811->45815 45811->45819 45812->45811 45814 ce0790 46 API calls 45812->45814 45816 ce04ad std::locale::_Setgloballocale 45812->45816 45814->45816 45815->45806 45815->45807 45816->45811 45817 bc8810 40 API calls 45817->45819 45819->45815 45819->45817 45820 ce06bd ReadFile 45819->45820 45870 ce0f80 43 API calls 45819->45870 45871 bc8060 41 API calls std::_Locinfo::_Locinfo_ctor 45819->45871 45820->45815 45820->45819 45822->45706 45823->45714 45824->45718 45825->45722 45826->45748 45827->45754 45828->45759 45829->45749 45830->45757 45831->45766 45832->45728 45833->45713 45834->45741 45835->45765 45836->45774 45837->45723 45838->45733 45839->45736 45840->45745 45841->45760 45842->45775 45843->45778 45844->45780 45845->45791 45846->45791 45847->45791 45848->45785 45849->45788 45850->45758 45852 ce07cf 45851->45852 45853 ce08fc 45851->45853 45855 ce07eb 45852->45855 45856 ce083c 45852->45856 45857 ce082c 45852->45857 45872 bc7b70 41 API calls std::_Throw_Cpp_error 45853->45872 45859 d8fea9 std::_Facet_Register 2 API calls 45855->45859 45860 ce07fe std::_Locinfo::_Locinfo_ctor std::locale::_Setgloballocale 45856->45860 45862 d8fea9 std::_Facet_Register 2 API calls 45856->45862 45857->45855 45858 ce0901 45857->45858 45873 bc86e0 41 API calls 2 library calls 45858->45873 45859->45860 45863 d952ff std::_Throw_Cpp_error 40 API calls 45860->45863 45868 ce08b5 std::ios_base::_Ios_base_dtor 45860->45868 45862->45860 45864 ce090b 45863->45864 45874 cdff30 LoadLibraryW 45864->45874 45867 cdff30 3 API calls 45869 ce0950 SendMessageW SendMessageW 45867->45869 45868->45802 45869->45802 45870->45819 45871->45819 45873->45860 45875 cdff8b GetProcAddress 45874->45875 45876 cdff9b 45874->45876 45875->45876 45877 ce000e FreeLibrary 45876->45877 45878 ce001c 45876->45878 45877->45878 45878->45867 45879 d315a0 45880 d315f0 45879->45880 45881 d31797 45879->45881 45883 d31792 45880->45883 45886 d31663 45880->45886 45887 d3163c 45880->45887 45923 bc7b70 41 API calls std::_Throw_Cpp_error 45881->45923 45922 bc86e0 41 API calls 2 library calls 45883->45922 45885 d952ff std::_Throw_Cpp_error 40 API calls 45889 d317a1 45885->45889 45888 d3164d 45886->45888 45891 d8fea9 std::_Facet_Register 2 API calls 45886->45891 45887->45883 45890 d31647 45887->45890 45911 d31738 45888->45911 45913 d31940 45888->45913 45924 d31070 40 API calls std::ios_base::_Ios_base_dtor 45889->45924 45893 d8fea9 std::_Facet_Register 2 API calls 45890->45893 45891->45888 45893->45888 45894 d317ad 45925 be6690 40 API calls 2 library calls 45894->45925 45898 d317bb 45901 d91bfa std::_Throw_Cpp_error RaiseException 45898->45901 45899 d316b1 45905 d316e4 45899->45905 45908 d31940 41 API calls 45899->45908 45900 d316fe 45919 d31870 41 API calls std::_Facet_Register 45900->45919 45903 d317c4 45901->45903 45904 d31709 45920 d31870 41 API calls std::_Facet_Register 45904->45920 45918 d31070 40 API calls std::ios_base::_Ios_base_dtor 45905->45918 45908->45899 45909 d316f3 45912 d3175d std::ios_base::_Ios_base_dtor 45909->45912 45921 d31070 40 API calls std::ios_base::_Ios_base_dtor 45909->45921 45911->45885 45911->45912 45914 d8fea9 std::_Facet_Register 2 API calls 45913->45914 45915 d31989 45914->45915 45926 d31b70 45915->45926 45918->45909 45919->45904 45920->45909 45921->45911 45922->45881 45924->45894 45925->45898 45927 d31bb2 45926->45927 45937 d3169f 45926->45937 45928 d8fea9 std::_Facet_Register 2 API calls 45927->45928 45929 d31bd4 45928->45929 45938 bc7690 45929->45938 45931 d31bea 45932 bc7690 41 API calls 45931->45932 45933 d31bfa 45932->45933 45934 d31b70 41 API calls 45933->45934 45935 d31c4b 45934->45935 45936 d31b70 41 API calls 45935->45936 45936->45937 45937->45899 45937->45900 45939 bc76b6 45938->45939 45940 bc772f 45939->45940 45943 bc76c1 45939->45943 45949 bc8760 41 API calls std::_Throw_Cpp_error 45940->45949 45942 bc76cd std::_Locinfo::_Locinfo_ctor 45942->45931 45943->45942 45945 bc8700 41 API calls 45943->45945 45947 bc770c std::_Locinfo::_Locinfo_ctor 45945->45947 45947->45931 45950 d31f40 45969 d325a0 45950->45969 45952 d31f86 WaitForSingleObject 45953 d31fa2 ResetEvent 45952->45953 45966 d31f9b std::ios_base::_Ios_base_dtor 45952->45966 45954 d8fea9 std::_Facet_Register 2 API calls 45953->45954 45955 d31fb0 45954->45955 45956 bc7690 41 API calls 45955->45956 45957 d31fd3 45956->45957 45958 bc7690 41 API calls 45957->45958 45960 d31fe2 std::ios_base::_Ios_base_dtor 45958->45960 45959 d320ef std::ios_base::_Ios_base_dtor 45961 d8fea9 std::_Facet_Register 2 API calls 45959->45961 45960->45959 45962 d32186 45960->45962 45964 d3212b CreateThread 45961->45964 45963 d952ff std::_Throw_Cpp_error 40 API calls 45962->45963 45965 d3218b 45963->45965 45964->45966 45997 bfb0b0 45964->45997 45992 d37f10 41 API calls 3 library calls 45965->45992 45968 d321a1 45993 bc8190 41 API calls 2 library calls 45969->45993 45971 d32604 45994 bc8060 41 API calls std::_Locinfo::_Locinfo_ctor 45971->45994 45973 d32620 45995 bc8060 41 API calls std::_Locinfo::_Locinfo_ctor 45973->45995 45975 d3262f 45996 d3b9b0 42 API calls 45975->45996 45977 d3263a OpenEventW 45978 d32673 45977->45978 45979 d3265a CreateEventW 45977->45979 45980 bc8810 40 API calls 45978->45980 45979->45978 45981 d3267f 45980->45981 45982 d326b2 std::ios_base::_Ios_base_dtor 45981->45982 45984 d326f1 45981->45984 45983 d8fe6a _ValidateLocalCookies 5 API calls 45982->45983 45985 d326e8 45983->45985 45986 d952ff std::_Throw_Cpp_error 40 API calls 45984->45986 45985->45952 45987 d326f6 45986->45987 45988 d3274b std::ios_base::_Ios_base_dtor 45987->45988 45989 bc8810 40 API calls 45987->45989 45988->45952 45990 d3273c 45989->45990 45991 bc8810 40 API calls 45990->45991 45991->45988 45992->45968 45993->45971 45994->45973 45995->45975 45996->45977 45998 bfb0c3 std::ios_base::_Ios_base_dtor 45997->45998 46003 d91a9d 45998->46003 46001 bfb0eb 46002 bfb0d9 SetUnhandledExceptionFilter 46002->46001 46004 d91ad5 __set_se_translator 51 API calls 46003->46004 46005 d91aa6 46004->46005 46006 d91ad5 __set_se_translator 51 API calls 46005->46006 46007 bfb0cd 46006->46007 46007->46001 46007->46002 46008 bd8e2b 46009 bd8e4c GetWindowLongW CallWindowProcW 46008->46009 46010 bd8e36 CallWindowProcW 46008->46010 46011 bd8e80 GetWindowLongW 46009->46011 46013 bd8e9b 46009->46013 46010->46013 46012 bd8e8d SetWindowLongW 46011->46012 46011->46013 46012->46013 46014 cc2170 46015 cc21a7 46014->46015 46021 cc21e7 46014->46021 46016 d90372 4 API calls 46015->46016 46017 cc21b1 46016->46017 46017->46021 46022 d9022a 43 API calls 46017->46022 46019 cc21d3 46023 d90328 EnterCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 46019->46023 46022->46019 46023->46021 46024 cc6270 46025 cc627d MultiByteToWideChar 46024->46025 46026 cc62da 46024->46026 46025->46026 46027 cc6295 46025->46027 46035 bca4a0 RtlAllocateHeap RaiseException 46026->46035 46029 cc62b0 MultiByteToWideChar 46027->46029 46031 cc62e9 46029->46031 46032 cc62c7 46029->46032 46030 cc62e1 46033 bca850 2 API calls 46031->46033 46034 cc62f3 46033->46034 46035->46030 46036 bcaa60 46037 bcaa6c 46036->46037 46038 bcaaa4 46036->46038 46037->46038 46039 bca850 2 API calls 46037->46039 46039->46038 46040 cc8330 46041 cc8369 46040->46041 46042 cc83d2 RegCreateKeyExW 46040->46042 46044 cc836e GetModuleHandleW 46041->46044 46045 cc83c5 46041->46045 46043 cc83cb 46042->46043 46046 cc8404 46043->46046 46049 cc83fb RegCloseKey 46043->46049 46047 cc837d 46044->46047 46048 cc8396 GetProcAddress 46044->46048 46045->46042 46045->46043 46048->46043 46050 cc83a6 46048->46050 46049->46046 46050->46043 46051 bfb720 46052 bfc1de 46051->46052 46053 bfb767 46051->46053 46055 bca850 2 API calls 46052->46055 46053->46052 46054 bfb770 46053->46054 46056 bfb80c 46054->46056 46058 bcab90 52 API calls 46054->46058 46057 bfc1e8 46055->46057 46220 d8dc64 44 API calls 6 library calls 46056->46220 46060 d952ff std::_Throw_Cpp_error 40 API calls 46057->46060 46061 bfb78b 46058->46061 46063 bfc1ed 46060->46063 46065 bfc218 46061->46065 46074 be11b0 120 API calls 46061->46074 46062 bfb82c 46221 bfdc20 45 API calls 6 library calls 46062->46221 46260 d8da12 41 API calls std::_Throw_Cpp_error 46063->46260 46068 bca850 2 API calls 46065->46068 46067 bfc1f4 46261 d8da12 41 API calls std::_Throw_Cpp_error 46067->46261 46071 bfc222 46068->46071 46069 bfb83f 46222 bfde20 46 API calls 4 library calls 46069->46222 46075 bca850 2 API calls 46071->46075 46073 bfc1fb 46262 d8da12 41 API calls std::_Throw_Cpp_error 46073->46262 46078 bfb7b8 46074->46078 46079 bfc22c 46075->46079 46076 bfb84b 46223 bfda60 41 API calls std::_Facet_Register 46076->46223 46082 bfb7dc 46078->46082 46089 bfb7ce 46078->46089 46083 bca850 2 API calls 46079->46083 46081 bfc202 46263 d99ae2 46 API calls 2 library calls 46081->46263 46244 d0f8f0 84 API calls _ValidateLocalCookies 46082->46244 46095 bfc236 std::locale::_Setgloballocale 46083->46095 46084 bfb86a 46224 bfe2b0 41 API calls 2 library calls 46084->46224 46087 bfb7ea 46087->46056 46088 bfc207 46264 d8da12 41 API calls std::_Throw_Cpp_error 46088->46264 46090 be11b0 120 API calls 46089->46090 46090->46082 46093 cdcae0 105 API calls 46099 bfb95a 46093->46099 46094 bfb8a1 46094->46093 46095->46095 46096 bfc33b 46095->46096 46265 bc8190 41 API calls 2 library calls 46096->46265 46098 bfc349 46100 d8fea9 std::_Facet_Register 2 API calls 46098->46100 46225 bc8190 41 API calls 2 library calls 46099->46225 46102 bfc38c 46100->46102 46266 d99c7a 45 API calls 2 library calls 46102->46266 46103 bfb999 46226 ccecc0 43 API calls _ValidateLocalCookies 46103->46226 46106 bfc3be 46108 bfc3cf 46106->46108 46109 bfc503 46106->46109 46107 bfb9a9 46111 bc8810 40 API calls 46107->46111 46112 bfc3fe GetCurrentThreadId 46108->46112 46113 bfc514 46108->46113 46268 d8da12 41 API calls std::_Throw_Cpp_error 46109->46268 46117 bfb9b5 46111->46117 46114 bfc51b 46112->46114 46115 bfc411 46112->46115 46269 d8da12 41 API calls std::_Throw_Cpp_error 46113->46269 46270 d8da12 41 API calls std::_Throw_Cpp_error 46114->46270 46267 d8da76 WaitForSingleObjectEx GetExitCodeThread CloseHandle 46115->46267 46227 bc8190 41 API calls 2 library calls 46117->46227 46121 bfc41f 46122 bfc522 46121->46122 46123 bfc42a 46121->46123 46271 d8da12 41 API calls std::_Throw_Cpp_error 46122->46271 46125 bfc44b 46123->46125 46126 bfc529 46123->46126 46127 bfc48d std::ios_base::_Ios_base_dtor 46125->46127 46133 bfc52e 46125->46133 46272 d99ae2 46 API calls 2 library calls 46126->46272 46132 bc8810 40 API calls 46127->46132 46129 bfb9d9 46134 bfb9ec 46129->46134 46136 bfbade lstrcmpiW 46129->46136 46131 bfbb25 46138 bfbb3f 46131->46138 46150 bfbc5e lstrcmpiW 46131->46150 46135 bfc4ba 46132->46135 46137 d952ff std::_Throw_Cpp_error 40 API calls 46133->46137 46153 bfbcbc 46134->46153 46245 bc8190 41 API calls 2 library calls 46134->46245 46139 bc8810 40 API calls 46135->46139 46136->46134 46140 bfc533 46137->46140 46138->46153 46246 bc8190 41 API calls 2 library calls 46138->46246 46143 bfc4c9 46139->46143 46141 bc8810 40 API calls 46140->46141 46144 bfc575 46141->46144 46146 bc8810 40 API calls 46143->46146 46145 bfbca1 46247 ccddc0 lstrcmpiW 46145->46247 46147 bfc4e8 46146->46147 46151 d8fe6a _ValidateLocalCookies 5 API calls 46147->46151 46148 bc8810 40 API calls 46152 bfbce4 std::ios_base::_Ios_base_dtor 46148->46152 46150->46138 46154 bfc4ff 46151->46154 46152->46057 46159 bfbd8a std::ios_base::_Ios_base_dtor 46152->46159 46153->46148 46153->46152 46155 bfbe98 46228 cde790 46155->46228 46156 bfbdb2 46158 d8fea9 std::_Facet_Register 2 API calls 46156->46158 46161 bfbdc0 46158->46161 46159->46155 46159->46156 46248 d99c7a 45 API calls 2 library calls 46161->46248 46162 bfbea5 46250 bc8190 41 API calls 2 library calls 46162->46250 46163 bfbf54 46165 bcab90 52 API calls 46163->46165 46167 bfbf59 46165->46167 46166 bfbdf9 46166->46063 46166->46088 46170 bfbe2b GetCurrentThreadId 46166->46170 46167->46065 46168 bfbf63 46167->46168 46174 bfbf8e 46168->46174 46175 bfbf83 46168->46175 46170->46067 46172 bfbe3e 46170->46172 46171 bfbee0 46251 bc8190 41 API calls 2 library calls 46171->46251 46249 d8da76 WaitForSingleObjectEx GetExitCodeThread CloseHandle 46172->46249 46253 bca6d0 42 API calls 4 library calls 46174->46253 46252 bca140 49 API calls 46175->46252 46176 bfbe4c 46176->46073 46180 bfbe57 46176->46180 46180->46081 46184 bfbe82 46180->46184 46181 bfbf8c 46254 cde070 110 API calls 46181->46254 46182 bfbf1c 46187 bc8810 40 API calls 46182->46187 46185 bfbf4c 46184->46185 46186 bfc0d0 46185->46186 46189 bfc13c 46185->46189 46191 bcab90 52 API calls 46185->46191 46186->46189 46193 bcab90 52 API calls 46186->46193 46188 bfbf40 46187->46188 46190 bc8810 40 API calls 46188->46190 46259 bfd4d0 56 API calls 46189->46259 46190->46185 46195 bfc016 46191->46195 46194 bfc0de 46193->46194 46194->46079 46197 bfc0e8 46194->46197 46195->46071 46198 bfc020 46195->46198 46196 bfc14a 46199 bfc17e Sleep 46196->46199 46200 bfc189 46196->46200 46201 be11b0 120 API calls 46197->46201 46202 be11b0 120 API calls 46198->46202 46199->46200 46206 bc8810 40 API calls 46200->46206 46203 bfc108 46201->46203 46204 bfc040 46202->46204 46257 cdbdb0 148 API calls 46203->46257 46255 cdfda0 75 API calls 46204->46255 46209 bfc1be 46206->46209 46208 bfc113 46258 d0f8f0 84 API calls _ValidateLocalCookies 46208->46258 46213 d8fe6a _ValidateLocalCookies 5 API calls 46209->46213 46210 bfc055 46211 bfc080 46210->46211 46217 bfc072 46210->46217 46256 d0f8f0 84 API calls _ValidateLocalCookies 46211->46256 46216 bfc1d8 46213->46216 46215 bfc11e 46215->46189 46219 be11b0 120 API calls 46217->46219 46218 bfc091 46218->46186 46219->46211 46220->46062 46221->46069 46222->46076 46223->46084 46224->46094 46225->46103 46226->46107 46227->46129 46229 cde7d8 GetCurrentProcess OpenProcessToken 46228->46229 46230 cde7fc GetTokenInformation 46229->46230 46231 cde7ef GetLastError 46229->46231 46233 cde81f GetLastError 46230->46233 46234 cde84b 46230->46234 46232 cde8a4 46231->46232 46237 cde8dd 46232->46237 46238 cde8cf CloseHandle 46232->46238 46235 cde89e GetLastError 46233->46235 46241 cde82a 46233->46241 46234->46235 46236 cde851 AllocateAndInitializeSid 46234->46236 46235->46232 46236->46232 46239 cde882 EqualSid FreeSid 46236->46239 46240 d8fe6a _ValidateLocalCookies 5 API calls 46237->46240 46238->46237 46239->46232 46242 bfbe9d 46240->46242 46243 cde835 GetTokenInformation 46241->46243 46242->46162 46242->46163 46243->46234 46243->46235 46244->46087 46245->46131 46246->46145 46247->46153 46248->46166 46249->46176 46250->46171 46251->46182 46252->46181 46253->46181 46254->46184 46255->46210 46256->46218 46257->46208 46258->46215 46259->46196 46263->46088 46265->46098 46266->46106 46267->46121 46272->46133 46273 bfb200 46275 bfb249 46273->46275 46274 bfb26e 46276 bc8810 40 API calls 46274->46276 46275->46274 46337 bccd80 46275->46337 46278 bfb27d 46276->46278 46332 bc8190 41 API calls 2 library calls 46278->46332 46280 bfb2a1 46333 d2f1f0 46280->46333 46283 bfb38d 46284 d952ff std::_Throw_Cpp_error 40 API calls 46283->46284 46286 bfb392 46284->46286 46285 bfb2ee std::ios_base::_Ios_base_dtor 46287 bfb35f 46285->46287 46288 bfb323 LoadLibraryExW 46285->46288 46289 bcab90 52 API calls 46286->46289 46291 d8fe6a _ValidateLocalCookies 5 API calls 46287->46291 46288->46287 46290 bfb335 GetProcAddress GetProcAddress GetProcAddress 46288->46290 46292 bfb3da 46289->46292 46290->46287 46293 bfb387 46291->46293 46294 bfb4f1 46292->46294 46299 bfb3e4 46292->46299 46295 bca850 2 API calls 46294->46295 46296 bfb4fb 46295->46296 46297 bcab90 52 API calls 46296->46297 46298 bfb533 46297->46298 46301 bfb62c 46298->46301 46307 bcab90 52 API calls 46298->46307 46300 be11b0 120 API calls 46299->46300 46302 bfb429 46300->46302 46303 bca850 2 API calls 46301->46303 46304 be11b0 120 API calls 46302->46304 46305 bfb636 46303->46305 46306 bfb438 46304->46306 46308 be11b0 120 API calls 46306->46308 46309 bfb55a 46307->46309 46310 bfb447 46308->46310 46309->46301 46313 bcab90 52 API calls 46309->46313 46311 bfb46b 46310->46311 46312 be11b0 120 API calls 46310->46312 46347 bc8190 41 API calls 2 library calls 46311->46347 46314 bfb45c 46312->46314 46315 bfb57e 46313->46315 46316 be11b0 120 API calls 46314->46316 46315->46301 46319 bcab90 52 API calls 46315->46319 46316->46311 46318 bfb4a8 46320 bfb5a9 46319->46320 46320->46301 46321 bfb5ad 46320->46321 46348 be1a90 42 API calls 46321->46348 46323 bfb5cc 46349 be1a90 42 API calls 46323->46349 46325 bfb5d7 46350 be1a90 42 API calls 46325->46350 46327 bfb5e2 46351 be1a90 42 API calls 46327->46351 46329 bfb5ff 46352 bfd350 42 API calls 46329->46352 46331 bfb60b 46332->46280 46335 d2f237 46333->46335 46334 bfb2b4 46334->46283 46334->46285 46335->46334 46353 d2f2e0 46335->46353 46340 bccd91 std::_Locinfo::_Locinfo_ctor 46337->46340 46341 bccdcd 46337->46341 46338 bcce81 46465 bc8760 41 API calls std::_Throw_Cpp_error 46338->46465 46340->46274 46341->46338 46343 bc8700 41 API calls 46341->46343 46344 bcce16 std::_Locinfo::_Locinfo_ctor 46343->46344 46345 bcce65 std::ios_base::_Ios_base_dtor 46344->46345 46346 d952ff std::_Throw_Cpp_error 40 API calls 46344->46346 46345->46274 46346->46338 46347->46318 46348->46323 46349->46325 46350->46327 46351->46329 46352->46331 46354 d2f32f CreateFileW 46353->46354 46355 d2f32d 46353->46355 46356 d2f34f 46354->46356 46355->46354 46375 be1120 46356->46375 46358 d2f37e std::locale::_Setgloballocale 46359 d2f3e7 46358->46359 46360 d2f3ca WriteFile 46358->46360 46361 d2f417 std::ios_base::_Ios_base_dtor 46359->46361 46364 d2f46d 46359->46364 46360->46358 46360->46359 46362 d2f44b CloseHandle 46361->46362 46363 d2f459 46361->46363 46362->46363 46363->46334 46365 d952ff std::_Throw_Cpp_error 40 API calls 46364->46365 46366 d2f472 46365->46366 46392 d2eba0 46366->46392 46369 d2f4aa 46401 d2f550 46369->46401 46371 bccd80 41 API calls 46371->46369 46374 d2f4c1 46374->46334 46376 be1193 46375->46376 46377 be1130 46375->46377 46447 bc7b70 41 API calls std::_Throw_Cpp_error 46376->46447 46379 be1138 46377->46379 46380 be1166 46377->46380 46381 be1198 46379->46381 46382 be113f 46379->46382 46383 be1182 46380->46383 46384 d8fea9 std::_Facet_Register 2 API calls 46380->46384 46448 bc86e0 41 API calls 2 library calls 46381->46448 46386 d8fea9 std::_Facet_Register 2 API calls 46382->46386 46383->46358 46387 be1170 46384->46387 46388 be1145 46386->46388 46387->46358 46389 d952ff std::_Throw_Cpp_error 40 API calls 46388->46389 46390 be114e 46388->46390 46391 be11a2 46389->46391 46390->46358 46393 bccd80 41 API calls 46392->46393 46394 d2ebb8 46393->46394 46395 bc8810 40 API calls 46394->46395 46396 d2ebd0 46394->46396 46395->46394 46397 d2ebf1 46396->46397 46449 d31070 40 API calls std::ios_base::_Ios_base_dtor 46396->46449 46400 d2ec12 46397->46400 46450 bc9400 40 API calls 2 library calls 46397->46450 46400->46369 46400->46371 46402 d2f5c0 46401->46402 46434 d2f9bc 46401->46434 46451 bc8190 41 API calls 2 library calls 46402->46451 46404 d8fe6a _ValidateLocalCookies 5 API calls 46406 d2f4ba 46404->46406 46405 d2f5dc 46407 d2f7b2 46405->46407 46429 d2f5eb std::ios_base::_Ios_base_dtor 46405->46429 46440 d2f9f0 46406->46440 46460 bc8060 41 API calls std::_Locinfo::_Locinfo_ctor 46407->46460 46408 d2f6ff 46455 bc9bd0 41 API calls std::_Throw_Cpp_error 46408->46455 46411 d2f713 46456 bc9c70 41 API calls 46411->46456 46414 d2f726 46457 bc8060 41 API calls std::_Locinfo::_Locinfo_ctor 46414->46457 46418 d2f742 46419 bc8810 40 API calls 46418->46419 46420 d2f74e 46419->46420 46422 bc8810 40 API calls 46420->46422 46421 bc8060 41 API calls 46421->46429 46423 d2f75a 46422->46423 46439 d2f78b std::ios_base::_Ios_base_dtor 46423->46439 46458 bc8060 41 API calls std::_Locinfo::_Locinfo_ctor 46423->46458 46424 bc8810 40 API calls 46424->46429 46426 d2f76d 46459 bc8060 41 API calls std::_Locinfo::_Locinfo_ctor 46426->46459 46427 d2f95e 46431 bc8810 40 API calls 46427->46431 46429->46408 46429->46421 46429->46424 46430 d2f9df 46429->46430 46452 bc8190 41 API calls 2 library calls 46429->46452 46453 bf15f0 41 API calls 46429->46453 46454 bc9c70 41 API calls 46429->46454 46432 d952ff std::_Throw_Cpp_error 40 API calls 46430->46432 46431->46434 46435 d2f9e4 46432->46435 46434->46404 46437 bc8060 41 API calls 46437->46439 46438 bc8810 40 API calls 46438->46439 46439->46427 46439->46430 46439->46437 46439->46438 46461 bc8190 41 API calls 2 library calls 46439->46461 46462 bf15f0 41 API calls 46439->46462 46443 d2fa25 46440->46443 46444 d2fa2c 46440->46444 46441 d8fe6a _ValidateLocalCookies 5 API calls 46442 d2fc12 46441->46442 46442->46374 46443->46441 46444->46443 46463 bc8190 41 API calls 2 library calls 46444->46463 46464 bfa7a0 41 API calls 46444->46464 46448->46388 46449->46397 46450->46397 46451->46405 46452->46429 46453->46429 46454->46429 46455->46411 46456->46414 46457->46418 46458->46426 46459->46439 46460->46408 46461->46439 46462->46439 46463->46444 46464->46444

                                                                                                                                                                                Executed Functions

                                                                                                                                                                                Function 00CDE790 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 117memoryCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                APIs
                                                                                                                                                                                • GetCurrentProcess.KERNEL32 ref: 00CDE7D8
                                                                                                                                                                                • OpenProcessToken.ADVAPI32(00000000,00000008,00000000), ref: 00CDE7E5
                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00CDE7EF
                                                                                                                                                                                • GetTokenInformation.KERNELBASE(00000000,00000001(TokenIntegrityLevel),00000000,00000000,?), ref: 00CDE819
                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00CDE81F
                                                                                                                                                                                • GetTokenInformation.KERNELBASE(00000000,00000001(TokenIntegrityLevel),?,?,?,?), ref: 00CDE845
                                                                                                                                                                                • AllocateAndInitializeSid.ADVAPI32(00000000,00000001,00000012,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00CDE878
                                                                                                                                                                                • EqualSid.ADVAPI32(00000000,?), ref: 00CDE887
                                                                                                                                                                                • FreeSid.ADVAPI32(?), ref: 00CDE896
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00CDE8D0
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Token$ErrorInformationLastProcess$AllocateCloseCurrentEqualFreeHandleInitializeOpen
                                                                                                                                                                                • String ID: <3
                                                                                                                                                                                • API String ID: 695978879-878583566
                                                                                                                                                                                • Opcode ID: d24e8952c0f18f4b2473a7fb2c3e6a28b8f1d2cf5e900816dadb9c157db11e88
                                                                                                                                                                                • Instruction ID: 2a38088d67f33d1ad5c908c6069752ee75130bc7cbd71bcf935f545df8ec7d94
                                                                                                                                                                                • Opcode Fuzzy Hash: d24e8952c0f18f4b2473a7fb2c3e6a28b8f1d2cf5e900816dadb9c157db11e88
                                                                                                                                                                                • Instruction Fuzzy Hash: CF414871900219AFEF10DFA5CD49BEEBBB9FF09310F104019E521B6290DB799A08DBA4
                                                                                                                                                                                Function 00D76840 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 197libraryloaderCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 96 d76840-d7687c GetCurrentProcess GetProcessAffinityMask 97 d768f0-d768fb GetSystemInfo 96->97 98 d7687e-d76884 96->98 100 d768ff-d76953 GetModuleHandleA GetProcAddress 97->100 98->97 99 d76886-d76899 98->99 103 d768a0-d768dc 99->103 101 d76955-d7695e GlobalMemoryStatusEx 100->101 102 d7698e-d769ae GlobalMemoryStatus 100->102 101->102 104 d76960-d76975 101->104 105 d769b0-d769b4 102->105 103->103 106 d768de-d768ee 103->106 107 d76977-d76982 104->107 108 d76988-d7698c 104->108 109 d769b8-d769c4 105->109 106->100 107->109 110 d76984-d76986 107->110 108->105 111 d769c6-d769cc 109->111 112 d769ce-d769d9 109->112 110->108 110->109 111->112 113 d769dd-d76ab1 call d8fe6a 111->113 112->113
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetCurrentProcess.KERNEL32(?,?,?,?,?), ref: 00D7686D
                                                                                                                                                                                • GetProcessAffinityMask.KERNEL32(00000000), ref: 00D76874
                                                                                                                                                                                • GetSystemInfo.KERNEL32(?), ref: 00D768F5
                                                                                                                                                                                • GetModuleHandleA.KERNEL32 ref: 00D76944
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 00D7694B
                                                                                                                                                                                • GlobalMemoryStatusEx.KERNEL32(?), ref: 00D7695A
                                                                                                                                                                                • GlobalMemoryStatus.KERNEL32(?), ref: 00D7699B
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: GlobalMemoryProcessStatus$AddressAffinityCurrentHandleInfoMaskModuleProcSystem
                                                                                                                                                                                • String ID: $@$GlobalMemoryStatusEx$kernel32.dll
                                                                                                                                                                                • API String ID: 97399739-802862622
                                                                                                                                                                                • Opcode ID: 1fb4d0aad6e9a8e2f173595c1152db81e26b61588efae6c8ac4c969003ab1cca
                                                                                                                                                                                • Instruction ID: 8be62265bc5430a358fefa9a5a67434b6ba89181e036f4469bc15000831bbcfa
                                                                                                                                                                                • Opcode Fuzzy Hash: 1fb4d0aad6e9a8e2f173595c1152db81e26b61588efae6c8ac4c969003ab1cca
                                                                                                                                                                                • Instruction Fuzzy Hash: 50718DB2A047118FD708CF29D89475AF7E5BBC8310F09892DE899C7351E7B4D808CB96
                                                                                                                                                                                Function 00D027F0 Relevance: 14.7, APIs: 9, Instructions: 1187COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Init_thread_footer$HeapProcess_wcsrchr
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3663133277-0
                                                                                                                                                                                • Opcode ID: 4f4a99eb1fbf46a201d74bb57ded4f0a7e5b4edc11472eb232e5b42a8ce7feb9
                                                                                                                                                                                • Instruction ID: 7cd6d5661c06a8a341dee6c076973a140df0c7506a31ccc92a0282ac89a14fc3
                                                                                                                                                                                • Opcode Fuzzy Hash: 4f4a99eb1fbf46a201d74bb57ded4f0a7e5b4edc11472eb232e5b42a8ce7feb9
                                                                                                                                                                                • Instruction Fuzzy Hash: 9FB26D709016588FDB26CF28CC94B9DB7F9AF45314F1882D9E419AB291DB74AF84CF60
                                                                                                                                                                                Function 00D77900 Relevance: 12.7, APIs: 6, Strings: 1, Instructions: 423fileCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 553 d77900-d7796b 554 d77971-d77978 553->554 555 d77eca 553->555 556 d77980-d77988 554->556 557 d77ecc-d77eee call d8fe6a 555->557 558 d77a61-d77a6d 556->558 559 d7798e-d779e0 call d9052d call d7b7e0 call d0e180 556->559 558->556 563 d77a73-d77a8c 558->563 580 d779e3-d779eb 559->580 564 d77a90-d77a98 563->564 566 d77bde-d77be7 564->566 567 d77a9e-d77aa8 564->567 566->564 571 d77bed-d77bf0 566->571 569 d77bc2-d77bd8 567->569 570 d77aae-d77b57 call d9052d call d7b7e0 call d0e180 CreateFileW 567->570 573 d77bdb 569->573 595 d77b73-d77b92 570->595 596 d77b59-d77b62 CloseHandle 570->596 571->555 575 d77bf6-d77c44 call d8fea9 571->575 573->566 591 d77c46-d77c4b 575->591 592 d77c51-d77cde GetEnvironmentVariableW call d76840 call d8fea9 575->592 583 d779f2-d779f5 580->583 584 d779ed-d779f0 580->584 583->580 584->583 586 d77a00-d77a08 584->586 586->586 589 d77a0a-d77a15 586->589 593 d77a17-d77a1c 589->593 594 d77a49-d77a5e call d90528 589->594 591->592 614 d77ce4-d77d37 592->614 615 d77e4d-d77e58 592->615 598 d77a20-d77a23 593->598 594->558 602 d77b94-d77ba8 CloseHandle 595->602 603 d77bab-d77bc0 call d90528 595->603 599 d77b64-d77b6a GetLastError 596->599 600 d77b6c 596->600 605 d77a25-d77a35 CreateDirectoryW 598->605 606 d77a38-d77a44 598->606 599->595 600->595 602->603 603->573 605->606 606->598 612 d77a46 606->612 612->594 616 d77d3f-d77e09 call d7f410 call d9052d call d7fc60 614->616 617 d77d39-d77d3b 614->617 618 d77e65 615->618 619 d77e5a-d77e5f 615->619 629 d77e85-d77e9d call d90528 616->629 630 d77e0b-d77e26 call d90528 616->630 617->616 621 d77e67-d77e83 618->621 619->618 621->557 637 d77ea5-d77eb4 call d77f50 629->637 638 d77e9f-d77ea1 629->638 635 d77e2e-d77e40 call d77f50 630->635 636 d77e28-d77e2a 630->636 635->614 643 d77e46-d77e4b 635->643 636->635 644 d77eb7-d77ec8 637->644 638->637 643->615 643->644 644->621
                                                                                                                                                                                APIs
                                                                                                                                                                                • CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000002,00000080,00000000,?,?), ref: 00D77B4B
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00D77B5A
                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?), ref: 00D77B64
                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00D77B95
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CloseHandle$CreateErrorFileLast
                                                                                                                                                                                • String ID: NUMBER_OF_PROCESSORS
                                                                                                                                                                                • API String ID: 3884794734-3058840932
                                                                                                                                                                                • Opcode ID: 3d536ab1c06ec800e6035923b90b9d3d0f67430be00237c247f0a83adf321672
                                                                                                                                                                                • Instruction ID: 12e8f6b004ea477e4437e34741c10643f59b15622dcfcf4818f3ac632e9b0cc6
                                                                                                                                                                                • Opcode Fuzzy Hash: 3d536ab1c06ec800e6035923b90b9d3d0f67430be00237c247f0a83adf321672
                                                                                                                                                                                • Instruction Fuzzy Hash: 06126BB0904259DFDF10CFA8D884BDEBBF1FF08314F1485A9E419AB291E7759A49CB60
                                                                                                                                                                                Function 00CDFF30 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85libraryloaderCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 802 cdff30-cdff89 LoadLibraryW 803 cdff8b-cdff99 GetProcAddress 802->803 804 cdffb4-cdfff9 802->804 803->804 805 cdff9b-cdffa8 803->805 810 cdfffc-ce000c 804->810 807 cdffab-cdffad 805->807 807->804 808 cdffaf-cdffb2 807->808 808->810 812 ce000e-ce0015 FreeLibrary 810->812 813 ce001c-ce002f 810->813 812->813
                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadLibraryW.KERNEL32(ComCtl32.dll,3B919AFF,?,00000000,00000000), ref: 00CDFF6E
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,LoadIconMetric), ref: 00CDFF91
                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 00CE000F
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                • String ID: ComCtl32.dll$LoadIconMetric
                                                                                                                                                                                • API String ID: 145871493-764666640
                                                                                                                                                                                • Opcode ID: 77b35f118e6f4fb6c2690074c45e62106e2b852be2d26e85cb9ecc5fcd37564e
                                                                                                                                                                                • Instruction ID: 2ed3d918b0ae3c5028e5139e150343c14b8d0f323eea4d6f466f7de9a4060ac8
                                                                                                                                                                                • Opcode Fuzzy Hash: 77b35f118e6f4fb6c2690074c45e62106e2b852be2d26e85cb9ecc5fcd37564e
                                                                                                                                                                                • Instruction Fuzzy Hash: 35316471A04259AFDF108F96CC48BAFBFF8FB49750F10412AF915A3280D7B59A44CB90
                                                                                                                                                                                Function 00C9A630 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 228libraryCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 977 c9a630-c9a679 GetSystemDirectoryW 978 c9a76f 977->978 979 c9a67f-c9a684 977->979 980 c9a771-c9a792 call d8fe6a 978->980 979->978 981 c9a68a-c9a693 call bcab90 979->981 986 c9a699-c9a6b3 981->986 987 c9a793-c9a935 call bca850 call d8fea9 call bde010 981->987 991 c9a6c3-c9a6c9 986->991 992 c9a6b5-c9a6c1 call bca140 986->992 1001 c9a93a-c9a9b9 GetSysColor 987->1001 996 c9a6d0-c9a6d9 991->996 1000 c9a6ec-c9a704 call be11b0 992->1000 996->996 999 c9a6db-c9a6e7 call bca6d0 996->999 999->1000 1005 c9a70a-c9a70f 1000->1005 1006 c9a706-c9a708 1000->1006 1008 c9a710-c9a719 1005->1008 1007 c9a71f-c9a739 call be11b0 call d91658 1006->1007 1014 c9a73b-c9a73d 1007->1014 1015 c9a73f-c9a74a LoadLibraryExW 1007->1015 1008->1008 1010 c9a71b-c9a71d 1008->1010 1010->1007 1016 c9a74c-c9a761 1014->1016 1015->1016 1017 c9a76b-c9a76d 1016->1017 1018 c9a763-c9a766 1016->1018 1017->980 1018->1017
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetSystemDirectoryW.KERNEL32(?,00000105), ref: 00C9A671
                                                                                                                                                                                • GetSysColor.USER32(00000011), ref: 00C9A994
                                                                                                                                                                                  • Part of subcall function 00BCAB90: GetProcessHeap.KERNEL32 ref: 00BCABE5
                                                                                                                                                                                  • Part of subcall function 00BCAB90: __Init_thread_footer.LIBCMT ref: 00BCAC17
                                                                                                                                                                                  • Part of subcall function 00BCAB90: __Init_thread_footer.LIBCMT ref: 00BCACA2
                                                                                                                                                                                  • Part of subcall function 00BCA140: FindResourceW.KERNEL32(00000000,?,00000006,00000000,00000000,00000000,00BCA2B8,-00000010,?,00000000), ref: 00BCA163
                                                                                                                                                                                • LoadLibraryExW.KERNEL32(?,00000000,00000000,00DECDED,000000FF), ref: 00C9A744
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Init_thread_footer$ColorDirectoryFindHeapLibraryLoadProcessResourceSystem
                                                                                                                                                                                • String ID: UxTheme.dll
                                                                                                                                                                                • API String ID: 3874013222-352951104
                                                                                                                                                                                • Opcode ID: 6aa559b3cd341c37a2ab0439fa37458ec2c7918fa5296c31c998c8c1f5711efb
                                                                                                                                                                                • Instruction ID: f63d8b72c13890a8c4e89cb8d1c4eabbb3c8fd16546149227a23749bf7ee661c
                                                                                                                                                                                • Opcode Fuzzy Hash: 6aa559b3cd341c37a2ab0439fa37458ec2c7918fa5296c31c998c8c1f5711efb
                                                                                                                                                                                • Instruction Fuzzy Hash: 9BA19BB0500645EFEB14CF65C819B9ABBF0FF04318F20865DE4299B681D7BAA618CFD1
                                                                                                                                                                                Function 00D8FA13 Relevance: 5.0, APIs: 4, Instructions: 41memoryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,00000008,?,00BD72C7,?,?,00BD7074,?), ref: 00D8FA18
                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,?,00BD7074,?), ref: 00D8FA1F
                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,?,00BD7074,?), ref: 00D8FA65
                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,?,00BD7074,?), ref: 00D8FA6C
                                                                                                                                                                                  • Part of subcall function 00D8F8B1: GetProcessHeap.KERNEL32(00000008,0000000D,00000000,?,00D8FA5B,00000000,?,?,00BD7074,?), ref: 00D8F8D5
                                                                                                                                                                                  • Part of subcall function 00D8F8B1: HeapAlloc.KERNEL32(00000000,?,?,00BD7074,?), ref: 00D8F8DC
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Heap$Process$Alloc$Free
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1864747095-0
                                                                                                                                                                                • Opcode ID: 47211a16e2a590c69fdfa420056ea2d0e750a817b07e1d379b632622abfac14b
                                                                                                                                                                                • Instruction ID: c10db056bcac3968507a4dd9fe6e4b92407a3c107574fda75a911b037bb1085e
                                                                                                                                                                                • Opcode Fuzzy Hash: 47211a16e2a590c69fdfa420056ea2d0e750a817b07e1d379b632622abfac14b
                                                                                                                                                                                • Instruction Fuzzy Hash: 7CF0E973744B119BE7293FB97D0C9AB296AAFC87B17068138F58AD7254DE70C8058770
                                                                                                                                                                                Function 00CDC9A0 Relevance: 4.6, APIs: 3, Instructions: 93fileCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • FindFirstFileW.KERNEL32(?,00000000,?,?,00000000), ref: 00CDCA3D
                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00CDCA9C
                                                                                                                                                                                  • Part of subcall function 00BCA850: RtlAllocateHeap.NTDLL(?,00000000,?,3B919AFF,00000000,00DB7F70,000000FF,?,?,00E9F01C,?,00D219F5,8000000B), ref: 00BCA89A
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Find$AllocateCloseFileFirstHeap
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1673784098-0
                                                                                                                                                                                • Opcode ID: 6d1c98faacf6d53f89970fbe35444d7eb55e42319088cbc290f59987065000be
                                                                                                                                                                                • Instruction ID: c7cf76b4d38b95841b8f10a1bd916cd22031b201c4924099e19724a81dea3435
                                                                                                                                                                                • Opcode Fuzzy Hash: 6d1c98faacf6d53f89970fbe35444d7eb55e42319088cbc290f59987065000be
                                                                                                                                                                                • Instruction Fuzzy Hash: 5931C17090421D9FDB24DF55CD89BAAB7B5FF48320F20819BEA29A3390E7715E44DB90
                                                                                                                                                                                Function 00BFB0B0 Relevance: 3.0, APIs: 2, Instructions: 21COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • __set_se_translator.LIBVCRUNTIME ref: 00BFB0C8
                                                                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00CDB960), ref: 00BFB0DE
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ExceptionFilterUnhandled__set_se_translator
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2480343447-0
                                                                                                                                                                                • Opcode ID: b0e911602e036ad4dc561256bed9931dfde44fadbe4bf3b8a586ec998b587177
                                                                                                                                                                                • Instruction ID: 5a6f860a27129ca1dc46b10881ca23e23cd4ddb4e2604c65a8b6d60fc8881d9c
                                                                                                                                                                                • Opcode Fuzzy Hash: b0e911602e036ad4dc561256bed9931dfde44fadbe4bf3b8a586ec998b587177
                                                                                                                                                                                • Instruction Fuzzy Hash: D7E08676A00244BFC7216761DC49F6B7F94DBA7710F09846AF74077261CB7058498772
                                                                                                                                                                                Function 00CC4560 Relevance: 112.3, APIs: 8, Strings: 56, Instructions: 327libraryloaderfileCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00BCAB90: GetProcessHeap.KERNEL32 ref: 00BCABE5
                                                                                                                                                                                  • Part of subcall function 00BCAB90: __Init_thread_footer.LIBCMT ref: 00BCAC17
                                                                                                                                                                                  • Part of subcall function 00BCAB90: __Init_thread_footer.LIBCMT ref: 00BCACA2
                                                                                                                                                                                • MoveFileW.KERNEL32(?,?), ref: 00CC46DA
                                                                                                                                                                                • GetModuleHandleW.KERNEL32(kernel32,?), ref: 00CC471C
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SetSearchPathMode), ref: 00CC4764
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SetDllDirectory), ref: 00CC47BC
                                                                                                                                                                                • __Init_thread_footer.LIBCMT ref: 00CC47CC
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00CC4814
                                                                                                                                                                                • __Init_thread_footer.LIBCMT ref: 00CC4774
                                                                                                                                                                                  • Part of subcall function 00D90328: EnterCriticalSection.KERNEL32(00EA7DCC,?,?,00BCACA7,00EA89FC,00E15FA0), ref: 00D90332
                                                                                                                                                                                  • Part of subcall function 00D90328: LeaveCriticalSection.KERNEL32(00EA7DCC,?,00BCACA7,00EA89FC,00E15FA0), ref: 00D90365
                                                                                                                                                                                  • Part of subcall function 00D90328: RtlWakeAllConditionVariable.NTDLL ref: 00D903DC
                                                                                                                                                                                • __Init_thread_footer.LIBCMT ref: 00CC4824
                                                                                                                                                                                  • Part of subcall function 00C9A630: GetSystemDirectoryW.KERNEL32(?,00000105), ref: 00C9A671
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Init_thread_footer$AddressProc$CriticalSection$ConditionDirectoryEnterFileHandleHeapLeaveModuleMoveProcessSystemVariableWake
                                                                                                                                                                                • String ID: @echo off %%SystemRoot%%\System32\attrib.exe -r "%s" :try del "%s" if exist "%s" goto try%%SystemRoot%%\System32\attrib.exe -r "%s" del "%s" | cls$@echo off %%SystemRoot%%\System32\attrib.exe -r "%s" :try rd "%s" if exist "%s" goto try%%SystemRoot%%\System32\attrib.exe -r "%s" del "%s" | cls$@echo off %%SystemRoot%%\System32\attrib.exe -r "%s" SET count=0 :try %%SystemRoot%%\System32\timeout.exe 5 SET /a count=%%count%%+1rd "%s" if %%count%% GTR %lu goto breakif exist "%s" goto try:break %%SystemRoot%%\System32\attrib.exe -r "$@echo off %%SystemRoot%%\System32\attrib.exe -r "%s" SET count=0 :try %%SystemRoot%%\System32\timeout.exe 5 SET /a count=%%count%%+1del "%s" if %%count%% GTR %lu goto breakif exist "%s" goto try:break %%SystemRoot%%\System32\attrib.exe -r "$SetDefaultDllDirectories$SetDllDirectory$SetSearchPathMode$USP10.dll$WindowsCodecs.dll$advapi32.dll$apphelp.dll$bcrypt.dll$cabinet.dll$comctl32.dll$comdlg32.dll$crypt32.dll$cryptsp.dll$davhlpr.dll$dbghelp.dll$dwmapi.dll$gdi32.dll$gdiplus.dll$kernel32$kernel32.dll$lpk.dll$mpr.dll$msasn1.dll$msi.dll$msihnd.dll$msimg32.dll$msls31.dll$netapi32.dll$netutils.dll$ole32.dll$oleaut32.dll$profapi.dll$propsys.dll$psapi.dll$rsaenh.dll$samcli.dll$secur32.dll$setupapi.dll$shcore.dll$shell32.dll$shlwapi.dll$srvcli.dll$urlmon.dll$user32.dll$userenv.dll$usp10.dll$uxtheme.dll$version.dll$wininet.dll$wintrust.dll$wkscli.dll$ws2_32.dll
                                                                                                                                                                                • API String ID: 3437638698-2006426916
                                                                                                                                                                                • Opcode ID: a8aa57da3b1a2221531c07571b4cca73b3d7e8e900e3edcdde6db18cb273e7d5
                                                                                                                                                                                • Instruction ID: 1867557e166ba8fb9acb5922843c84f7dbb8cd0effe6c9cc7d279259cb007395
                                                                                                                                                                                • Opcode Fuzzy Hash: a8aa57da3b1a2221531c07571b4cca73b3d7e8e900e3edcdde6db18cb273e7d5
                                                                                                                                                                                • Instruction Fuzzy Hash: 27E14CB09003489FDB24CF55D95AB9EBFB4EF55318F109159F814AB291DBB0AA08CFA1
                                                                                                                                                                                Function 00CC4B90 Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 253COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 459 cc4b90-cc4bec call cc4a80 call bcab90 464 cc4cdd-cc4d54 call bca850 FreeLibrary EnterCriticalSection 459->464 465 cc4bf2 459->465 469 cc4d9e-cc4dbf 464->469 470 cc4d56-cc4d5a 464->470 467 cc4bf5-cc4c25 call bc9bb0 call cdc960 465->467 495 cc4c5a-cc4c6a 467->495 496 cc4c27-cc4c3e 467->496 478 cc4dff-cc4e07 469->478 479 cc4dc1-cc4dc5 469->479 472 cc4d6c-cc4d6e 470->472 473 cc4d5c-cc4d66 DestroyWindow 470->473 472->469 476 cc4d70-cc4d74 472->476 473->472 481 cc4d85-cc4d9b call d8fe78 476->481 482 cc4d76-cc4d7f call d99d16 476->482 488 cc4e09-cc4e0c 478->488 489 cc4e33-cc4e41 478->489 483 cc4dd6-cc4ddb 479->483 484 cc4dc7-cc4dd0 call d99d16 479->484 481->469 482->481 491 cc4ded-cc4dfc call d8fe78 483->491 492 cc4ddd-cc4de6 call d99d16 483->492 484->483 488->489 499 cc4e0e 488->499 493 cc4e5d-cc4e71 call cc70e0 489->493 494 cc4e43-cc4e47 489->494 491->478 492->491 525 cc4e79-cc4e8a 493->525 526 cc4e73 CoUninitialize 493->526 504 cc4e49-cc4e50 494->504 505 cc4e56-cc4e5b 494->505 500 cc4c6c-cc4c70 495->500 501 cc4cb0-cc4cbf 495->501 507 cc4c48-cc4c52 call bcab90 496->507 508 cc4c40-cc4c43 496->508 510 cc4e10-cc4e15 499->510 511 cc4ca2-cc4ca8 call bca6d0 500->511 512 cc4c72-cc4c76 500->512 517 cc4cc9-cc4cdc 501->517 518 cc4cc1-cc4cc4 501->518 504->505 505->493 505->494 507->464 530 cc4c58 507->530 508->507 519 cc4e1d-cc4e31 510->519 520 cc4e17-cc4e19 510->520 529 cc4cad 511->529 512->511 521 cc4c78-cc4c8e call bca380 512->521 518->517 519->489 519->510 520->519 532 cc4c9b-cc4ca0 521->532 533 cc4c90-cc4c98 521->533 526->525 529->501 530->467 532->529 533->532
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00CC4B90: GetModuleFileNameW.KERNEL32(00000000,?,00000104,3B919AFF,00000000,?,00DF3F86,000000FF), ref: 00CC4AD8
                                                                                                                                                                                  • Part of subcall function 00BCAB90: GetProcessHeap.KERNEL32 ref: 00BCABE5
                                                                                                                                                                                  • Part of subcall function 00BCAB90: __Init_thread_footer.LIBCMT ref: 00BCAC17
                                                                                                                                                                                  • Part of subcall function 00BCAB90: __Init_thread_footer.LIBCMT ref: 00BCACA2
                                                                                                                                                                                • FreeLibrary.KERNEL32(00000001,3B919AFF,?,00000001,?,?,?), ref: 00CC4D27
                                                                                                                                                                                • EnterCriticalSection.KERNEL32(00EA946C), ref: 00CC4D42
                                                                                                                                                                                • DestroyWindow.USER32(00000000), ref: 00CC4D60
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(00EA946C), ref: 00CC4DA9
                                                                                                                                                                                • CoUninitialize.COMBASE ref: 00CC4E73
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalInit_thread_footerSection$DestroyEnterFileFreeHeapLeaveLibraryModuleNameProcessUninitializeWindow
                                                                                                                                                                                • String ID: v$%s%lu$.local
                                                                                                                                                                                • API String ID: 605930860-1141559199
                                                                                                                                                                                • Opcode ID: 146e6a802d954e6c0b44b2433b5e9e809ec6a229774b9e86dc4dc24dab314ea3
                                                                                                                                                                                • Instruction ID: 544970517bb3406b1dd3d905d11132a8fa99f11df3bb3e8bab3663cafea98b25
                                                                                                                                                                                • Opcode Fuzzy Hash: 146e6a802d954e6c0b44b2433b5e9e809ec6a229774b9e86dc4dc24dab314ea3
                                                                                                                                                                                • Instruction Fuzzy Hash: 2B91FD71A012049FDB24DF69C894F6ABBF4FF09314F14856DE826AB391DB74AD04CBA1
                                                                                                                                                                                Function 00D8F7A5 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 58libraryCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 535 d8f7a5-d8f7b0 536 d8f7bf-d8f7d6 LoadLibraryExA 535->536 537 d8f7b2-d8f7be DecodePointer 535->537 538 d8f7d8-d8f7ed call d8f855 536->538 539 d8f850 536->539 538->539 543 d8f7ef-d8f804 call d8f855 538->543 540 d8f852-d8f854 539->540 543->539 546 d8f806-d8f81b call d8f855 543->546 546->539 549 d8f81d-d8f832 call d8f855 546->549 549->539 552 d8f834-d8f84e DecodePointer 549->552 552->540
                                                                                                                                                                                APIs
                                                                                                                                                                                • DecodePointer.KERNEL32(?,?,?,00D8FA9C,00EA7D80,?,00000000,?,?,00BD7B64,00000000), ref: 00D8F7B7
                                                                                                                                                                                • LoadLibraryExA.KERNEL32(atlthunk.dll,00000000,00000800,?,?,?,00D8FA9C,00EA7D80,?,00000000,?,?,00BD7B64,00000000), ref: 00D8F7CC
                                                                                                                                                                                • DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00D8F848
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DecodePointer$LibraryLoad
                                                                                                                                                                                • String ID: AtlThunk_AllocateData$AtlThunk_DataToCode$AtlThunk_FreeData$AtlThunk_InitData$atlthunk.dll
                                                                                                                                                                                • API String ID: 1423960858-1745123996
                                                                                                                                                                                • Opcode ID: a38d04e9916244bf0d9415de1535eaca3ef1234cfb3bc6593dde42da930904c4
                                                                                                                                                                                • Instruction ID: f52e57471fb9b05a6a5f2bc7fac907ceb944950a2690aa5aa065e56e73327b26
                                                                                                                                                                                • Opcode Fuzzy Hash: a38d04e9916244bf0d9415de1535eaca3ef1234cfb3bc6593dde42da930904c4
                                                                                                                                                                                • Instruction Fuzzy Hash: 1E018871644701ABDB11BB109D02BDD7BA44F0BB48F080074BC857A2D2D761A54983F5
                                                                                                                                                                                Function 00CC8330 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 96registrylibraryloaderCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 645 cc8330-cc8367 646 cc8369-cc836c 645->646 647 cc83d2-cc83e9 RegCreateKeyExW 645->647 649 cc836e-cc837b GetModuleHandleW 646->649 650 cc83c5-cc83c9 646->650 648 cc83ef-cc83f1 647->648 651 cc8414-cc8425 648->651 652 cc83f3-cc83f9 648->652 653 cc837d-cc8393 649->653 654 cc8396-cc83a4 GetProcAddress 649->654 650->647 655 cc83cb-cc83d0 650->655 656 cc83fb-cc8402 RegCloseKey 652->656 657 cc8404-cc8411 652->657 654->655 658 cc83a6-cc83c3 654->658 655->648 656->657 657->651 658->648
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetModuleHandleW.KERNEL32(Advapi32.dll,3B919AFF,3B919AFF,?,?,?,?,Function_001F83F0,000000FF), ref: 00CC8373
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,RegCreateKeyTransactedW), ref: 00CC839C
                                                                                                                                                                                • RegCreateKeyExW.KERNEL32(?,00CDA4EF,00000000,00000000,00000000,?,00000000,00000000,?,3B919AFF,3B919AFF,?,?,?,?,Function_001F83F0), ref: 00CC83E9
                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000,?,?,?,?,Function_001F83F0,000000FF), ref: 00CC83FC
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AddressCloseCreateHandleModuleProc
                                                                                                                                                                                • String ID: Advapi32.dll$RegCreateKeyTransactedW
                                                                                                                                                                                • API String ID: 1765684683-2994018265
                                                                                                                                                                                • Opcode ID: 8ec14845d59ca9685b5bb03be772faef3f45a0b1a640a0d5059769d88ef0c9c1
                                                                                                                                                                                • Instruction ID: cfc13d3926863c31b780b07ccf87e8ad452afe6a4c75eb486c22440af99c8d2b
                                                                                                                                                                                • Opcode Fuzzy Hash: 8ec14845d59ca9685b5bb03be772faef3f45a0b1a640a0d5059769d88ef0c9c1
                                                                                                                                                                                • Instruction Fuzzy Hash: 6231A472644205EFEB14CF45DC45FABBBA8FB08B10F14812AF915E7290EB71A914C764
                                                                                                                                                                                Function 00D023D0 Relevance: 9.4, APIs: 6, Instructions: 354fileCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 660 d023d0-d02405 661 d026a7-d026b8 660->661 662 d0240b-d02430 SetFilePointer 660->662 663 d02436-d0246a GetLastError call cdfda0 call cdcae0 662->663 664 d024ba-d024da 662->664 682 d0246c 663->682 683 d0246f-d02499 call ceca50 663->683 665 d024e0-d024fc ReadFile 664->665 666 d0268c 664->666 668 d02502-d02506 665->668 669 d02763-d02797 GetLastError call cdfda0 call cdcae0 665->669 671 d0268e-d026a5 call d90528 666->671 668->669 673 d0250c-d02519 call bcab90 668->673 688 d02799 669->688 689 d0279c-d027c5 call ceca50 669->689 671->661 685 d027d9-d027e3 call bca850 673->685 686 d0251f-d02538 673->686 682->683 694 d024a3-d024b9 683->694 695 d0249b-d0249e 683->695 698 d0254a-d0255c call cf1210 686->698 699 d0253a-d02543 call d90528 686->699 688->689 700 d027c7-d027ca 689->700 701 d027cf-d027d4 689->701 695->694 706 d02562-d02579 ReadFile 698->706 707 d0272c 698->707 699->698 700->701 701->671 709 d026b9-d026ed GetLastError call cdfda0 call cdcae0 706->709 710 d0257f-d02583 706->710 708 d02731-d02750 707->708 708->671 713 d02756-d0275e 708->713 724 d026f2-d0271b call ceca50 709->724 725 d026ef 709->725 710->709 712 d02589-d02594 710->712 715 d02596-d0259b 712->715 716 d025af-d025cd call bca6d0 712->716 713->671 718 d025a0-d025a9 715->718 726 d02612-d02626 716->726 727 d025cf-d025d6 716->727 718->718 722 d025ab-d025ad 718->722 722->716 741 d02725-d0272a 724->741 742 d0271d-d02720 724->742 725->724 728 d02628-d02645 call bca380 726->728 729 d02649-d0264d 726->729 731 d025e8-d025ea 727->731 732 d025d8-d025e2 727->732 728->729 734 d02650-d0266f 729->734 736 d025f1-d025f3 731->736 737 d025ec-d025ef 731->737 732->685 732->731 739 d02671-d02674 734->739 740 d02679-d02686 734->740 736->734 744 d025f5-d025fb 736->744 743 d025fd-d0260b call d99d31 737->743 739->740 740->665 740->666 741->708 742->741 743->734 747 d0260d-d02610 743->747 744->734 744->743 747->726
                                                                                                                                                                                APIs
                                                                                                                                                                                • SetFilePointer.KERNEL32(?,?,?,00000000,3B919AFF,?,?,00000002,?,?,?,?,?,?,00000000,00DFF282), ref: 00D02427
                                                                                                                                                                                • GetLastError.KERNEL32(?,00000002), ref: 00D026B9
                                                                                                                                                                                • GetLastError.KERNEL32(?,00000002), ref: 00D02763
                                                                                                                                                                                • GetLastError.KERNEL32(?,00000002,?,?,?,?,?,?,00000000,00DFF282,000000FF,?,00D012BA,00000010), ref: 00D02436
                                                                                                                                                                                  • Part of subcall function 00CDFDA0: FormatMessageW.KERNEL32(00001300,00000000,00000000,00000400,?,00000000,00000000,3B919AFF,?,00000000), ref: 00CDFDEB
                                                                                                                                                                                  • Part of subcall function 00CDFDA0: GetLastError.KERNEL32(?,00000000), ref: 00CDFDF5
                                                                                                                                                                                • ReadFile.KERNEL32(?,00000000,00000008,80070057,00000000,?,00000002), ref: 00D024F8
                                                                                                                                                                                • ReadFile.KERNEL32(?,3B919AFF,00000000,00000000,00000000,00000001,?,00000002), ref: 00D02575
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorLast$File$Read$FormatMessagePointer
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3903527278-0
                                                                                                                                                                                • Opcode ID: 016e89e8628a908ab6ca831eda49fb7c5eec4682d877fb9c6db164bda0a1616e
                                                                                                                                                                                • Instruction ID: e52057c2d2edaf46069c0f26a00389475b36a70a9a086a93b8227beaa99dd76e
                                                                                                                                                                                • Opcode Fuzzy Hash: 016e89e8628a908ab6ca831eda49fb7c5eec4682d877fb9c6db164bda0a1616e
                                                                                                                                                                                • Instruction Fuzzy Hash: 15D17271D01209DFDB00DFA8C889BADB7B5FF44314F188269E919AB3D1EB759905CBA0
                                                                                                                                                                                Function 00CDCF10 Relevance: 9.2, APIs: 6, Instructions: 234COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 748 cdcf10-cdcf43 call cdc960 751 cdcf59-cdcf92 PathIsUNCW call cdcb90 748->751 752 cdcf45-cdcf58 748->752 755 cdcf98-cdcfc8 call bca380 751->755 756 cdd121-cdd18a call bca850 CreateFileW 751->756 761 cdcfce 755->761 762 cdd072-cdd08e 755->762 763 cdd18c-cdd198 GetFileSize 756->763 764 cdd1a0 756->764 767 cdcfd0-cdcff3 call bca380 call be11b0 761->767 768 cdd098-cdd0ba call cc6ea0 762->768 769 cdd090-cdd093 762->769 763->764 765 cdd19a-cdd19e 763->765 766 cdd1a2-cdd1b2 764->766 765->766 770 cdd1b4-cdd1bb CloseHandle 766->770 771 cdd1c2-cdd1d5 766->771 767->756 778 cdcff9-cdcffc 767->778 769->768 770->771 778->756 779 cdd002-cdd022 call be11b0 CreateDirectoryW 778->779 782 cdd028-cdd036 GetLastError 779->782 783 cdd0bb-cdd0c0 779->783 784 cdd0cd-cdd0df call be11b0 782->784 786 cdd03c-cdd040 782->786 783->784 785 cdd0c2-cdd0c8 call cdaaa0 783->785 784->756 794 cdd0e1-cdd105 call be11b0 784->794 785->784 786->784 788 cdd046-cdd049 786->788 790 cdd04b-cdd04e call cdc5d0 788->790 791 cdd053-cdd065 788->791 790->791 795 cdd06f 791->795 796 cdd067-cdd06a 791->796 799 cdd10f-cdd116 794->799 800 cdd107-cdd10a 794->800 795->762 796->795 799->795 801 cdd11c 799->801 800->799 801->767
                                                                                                                                                                                APIs
                                                                                                                                                                                • PathIsUNCW.SHLWAPI(?,3B919AFF,?,?,?), ref: 00CDCF5B
                                                                                                                                                                                • CreateDirectoryW.KERNEL32(?,00000000,?,00000000,00E33B44,00000001,?,?,?,?,?,00DB842D,000000FF,?,8000000B), ref: 00CDD01A
                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,00DB842D,000000FF,?,8000000B), ref: 00CDD028
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CreateDirectoryErrorLastPath
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 953296794-0
                                                                                                                                                                                • Opcode ID: 59e21596665c7a0280623ba3920376236ad23733626b3dc6ad0dabcf9c4c1b05
                                                                                                                                                                                • Instruction ID: 5f125aacd8c7c32285fc69d7540c00e563089341cacb530290b386136f91b21f
                                                                                                                                                                                • Opcode Fuzzy Hash: 59e21596665c7a0280623ba3920376236ad23733626b3dc6ad0dabcf9c4c1b05
                                                                                                                                                                                • Instruction Fuzzy Hash: 5A81A331E006099FDB10DFA8C885B9DFBF4EF45724F24425AE521A73D0DB75AA09CB91
                                                                                                                                                                                Function 00D21610 Relevance: 7.8, APIs: 5, Instructions: 281threadsynchronizationCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 814 d21610-d21646 815 d21676-d216ac CreateThread 814->815 816 d21648-d2165b CreateEventW 814->816 817 d216b2-d216c4 815->817 818 d2178c-d217b7 WaitForSingleObject GetExitCodeThread 815->818 819 d21669-d21671 816->819 820 d2165d-d21666 816->820 821 d21701-d2170a 817->821 822 d216c6-d216cc 817->822 823 d217c7-d217da 818->823 824 d217b9-d217c0 CloseHandle 818->824 819->815 820->819 826 d2170d-d2172a 821->826 825 d216d0-d216d2 822->825 824->823 828 d216d8-d216da 825->828 829 d217dd-d21825 call bca850 825->829 830 d21770-d21784 826->830 831 d2172c 826->831 828->829 832 d216e0-d216fd 828->832 842 d21827-d2182c 829->842 843 d21835-d21855 call bcab90 829->843 841 d21789 830->841 834 d21730-d21732 831->834 832->825 836 d216ff 832->836 834->829 838 d21738-d2173a 834->838 836->826 838->829 840 d21740-d21747 838->840 840->829 844 d2174d-d21753 840->844 841->818 842->843 848 d2193b-d2195d call bca850 843->848 849 d2185b-d2186f 843->849 844->829 846 d21759-d2176e 844->846 846->830 846->834 856 d21968-d21974 848->856 857 d2195f-d21962 WaitForSingleObject 848->857 854 d218a1 849->854 855 d21871-d21877 849->855 860 d218a3-d218a8 call bca6d0 854->860 858 d21887-d2188c 855->858 859 d21879-d21885 call bca140 855->859 861 d21976-d21978 856->861 862 d2199c-d219a6 856->862 857->856 864 d21890-d21899 858->864 872 d218ad-d218db call cdcf10 859->872 860->872 866 d2197a-d21980 861->866 867 d219eb-d21a0d call bca850 call d21a20 861->867 869 d219cb-d219d1 862->869 870 d219a8-d219aa 862->870 864->864 871 d2189b-d2189f 864->871 866->867 873 d21982-d21995 call d01370 866->873 893 d21a1a-d21a1d 867->893 894 d21a0f-d21a17 call d8fe78 867->894 870->867 875 d219ac-d219b2 870->875 871->860 881 d218e5-d218f3 call d77900 872->881 882 d218dd-d218e0 872->882 887 d21997-d2199a 873->887 888 d219d4-d219db 873->888 875->867 880 d219b4-d219bb call d217f0 875->880 890 d219c0-d219c4 880->890 896 d218f5-d218f8 881->896 897 d2191b 881->897 882->881 887->861 887->862 888->869 891 d219dd-d219e8 888->891 890->888 895 d219c6-d219c9 890->895 894->893 895->869 895->870 900 d21914-d21919 896->900 901 d218fa-d218fc call d205c0 896->901 903 d21920 call d205c0 897->903 900->903 907 d21901-d21912 901->907 906 d21925-d21938 903->906 907->906
                                                                                                                                                                                APIs
                                                                                                                                                                                • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,3B919AFF,00000000,?,?,?,?,?,?,?,00000000,00E0574D,000000FF), ref: 00D21650
                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,00D21950,?,00000000,?), ref: 00D21686
                                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00D2178F
                                                                                                                                                                                • GetExitCodeThread.KERNEL32(00000000,?), ref: 00D2179A
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00D217BA
                                                                                                                                                                                  • Part of subcall function 00BCA850: RtlAllocateHeap.NTDLL(?,00000000,?,3B919AFF,00000000,00DB7F70,000000FF,?,?,00E9F01C,?,00D219F5,8000000B), ref: 00BCA89A
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CreateThread$AllocateCloseCodeEventExitHandleHeapObjectSingleWait
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 978852114-0
                                                                                                                                                                                • Opcode ID: 808f7590ee7ac948b7363510ba548279896c6c0dc0417a12de05517d4e3039c5
                                                                                                                                                                                • Instruction ID: 8fffc36ad7a828bdc988fa664c4347b904fb2d4f83463c55ec01608475fef761
                                                                                                                                                                                • Opcode Fuzzy Hash: 808f7590ee7ac948b7363510ba548279896c6c0dc0417a12de05517d4e3039c5
                                                                                                                                                                                • Instruction Fuzzy Hash: 6BB1A179A00619DFCB14CF68D884BAAB7F4FF59314F148269E916AB391D730E944CFA0
                                                                                                                                                                                Function 00CE4B10 Relevance: 7.8, APIs: 5, Instructions: 279COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 909 ce4b10-ce4c17 call bc8700 call d921f0 LoadStringW 914 ce4c19-ce4c3e call bc8190 909->914 915 ce4c43-ce4c57 909->915 925 ce4cd7-ce4cdc 914->925 917 ce4c59-ce4c5f 915->917 918 ce4c61 915->918 919 ce4c98-ce4cad LoadStringW 917->919 918->919 920 ce4c63-ce4c6c 918->920 919->915 924 ce4caf-ce4cd4 call bc8190 919->924 922 ce4c6e-ce4c78 call ce4e80 920->922 923 ce4c7a-ce4c92 call d921f0 920->923 938 ce4c95 922->938 923->938 924->925 929 ce4cde-ce4d0b call bc8810 925->929 930 ce4d0d 925->930 931 ce4d10-ce4d17 929->931 930->931 936 ce4d4b-ce4d63 931->936 937 ce4d19-ce4d2b 931->937 942 ce4da6-ce4dc5 call d8fe6a 936->942 943 ce4d65-ce4d75 936->943 940 ce4d2d-ce4d3b 937->940 941 ce4d41-ce4d48 call d8fe78 937->941 938->919 940->941 944 ce4dc6-ce4e05 call d952ff 940->944 941->936 946 ce4d87-ce4d9f call d8fe78 943->946 947 ce4d77-ce4d85 943->947 955 ce4e6e-ce4e78 call bca850 944->955 956 ce4e07 944->956 946->942 947->944 947->946 957 ce4e09-ce4e0b 956->957 958 ce4e51-ce4e62 SysAllocStringLen 956->958 960 ce4e0e-ce4e48 CLSIDFromString SysFreeString call d8fe6a 957->960 958->960 961 ce4e64-ce4e69 call bca850 958->961 965 ce4e4d-ce4e50 960->965 961->955
                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadStringW.USER32(?,00000000,?,00000100), ref: 00CE4C0C
                                                                                                                                                                                • LoadStringW.USER32(?,00000000,?,00000001), ref: 00CE4CA0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: LoadString
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2948472770-0
                                                                                                                                                                                • Opcode ID: 148d4f8cc41d4f539a1f8515fe0aaba3ed1bd742833f834b4243ccb9525a7264
                                                                                                                                                                                • Instruction ID: d357aa112e1deed778d9b706e2cd2421a22ce8554ab610d47e06ab0902303a18
                                                                                                                                                                                • Opcode Fuzzy Hash: 148d4f8cc41d4f539a1f8515fe0aaba3ed1bd742833f834b4243ccb9525a7264
                                                                                                                                                                                • Instruction Fuzzy Hash: 22B17E71D01248AFDB04DFA9DD45BEEBBB5FF48310F208229E911B7290EB746A45CB90
                                                                                                                                                                                Function 00BD8E2B Relevance: 7.6, APIs: 5, Instructions: 65COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 966 bd8e2b-bd8e34 967 bd8e4c-bd8e7e GetWindowLongW CallWindowProcW 966->967 968 bd8e36-bd8e4a CallWindowProcW 966->968 970 bd8e9b 967->970 971 bd8e80-bd8e8b GetWindowLongW 967->971 969 bd8e9f-bd8ea4 968->969 973 bd8ecf-bd8edd 969->973 974 bd8ea6-bd8ea8 969->974 970->969 971->970 972 bd8e8d-bd8e95 SetWindowLongW 971->972 972->970 974->973 975 bd8eaa-bd8ecc 974->975
                                                                                                                                                                                APIs
                                                                                                                                                                                • CallWindowProcW.USER32(?,?,?,?,?), ref: 00BD8E40
                                                                                                                                                                                • GetWindowLongW.USER32(?,000000FC), ref: 00BD8E55
                                                                                                                                                                                • CallWindowProcW.USER32(?,?,00000082,?,?), ref: 00BD8E6B
                                                                                                                                                                                • GetWindowLongW.USER32(?,000000FC), ref: 00BD8E85
                                                                                                                                                                                • SetWindowLongW.USER32(?,000000FC,?), ref: 00BD8E95
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Window$Long$CallProc
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 513923721-0
                                                                                                                                                                                • Opcode ID: 9bedb1452b8f79c0771a6f4e9a814db0aa2b9a6f4ba3c519bb20d7192337ebd9
                                                                                                                                                                                • Instruction ID: efe04a3b8c895dac34db34071fa0aa47a98998bf934859d70bec60ba2e90980d
                                                                                                                                                                                • Opcode Fuzzy Hash: 9bedb1452b8f79c0771a6f4e9a814db0aa2b9a6f4ba3c519bb20d7192337ebd9
                                                                                                                                                                                • Instruction Fuzzy Hash: 80211A31508700AFC720AF19DC84817FBF5FB89721B104A1EF5EA926A0D732E8449F50
                                                                                                                                                                                Function 00D2F2E0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 181fileCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 1019 d2f2e0-d2f32b 1020 d2f32f-d2f34d CreateFileW 1019->1020 1021 d2f32d 1019->1021 1022 d2f35b-d2f3ad call be1120 call d921f0 1020->1022 1023 d2f34f-d2f358 1020->1023 1021->1020 1030 d2f3b0-d2f3c8 1022->1030 1023->1022 1032 d2f3e7-d2f3f6 1030->1032 1033 d2f3ca-d2f3e5 WriteFile 1030->1033 1034 d2f436-d2f449 1032->1034 1035 d2f3f8-d2f405 1032->1035 1033->1030 1033->1032 1038 d2f44b-d2f452 CloseHandle 1034->1038 1039 d2f459-d2f46c 1034->1039 1036 d2f417-d2f42f call d8fe78 1035->1036 1037 d2f407-d2f415 1035->1037 1036->1034 1037->1036 1040 d2f46d-d2f494 call d952ff call d2eba0 1037->1040 1038->1039 1048 d2f496-d2f49d 1040->1048 1049 d2f4aa-d2f4c7 call d2f550 call d2f9f0 call d2fc20 1040->1049 1051 d2f4a1-d2f4a5 call bccd80 1048->1051 1052 d2f49f 1048->1052 1058 d2f4cc-d2f4de 1049->1058 1051->1049 1052->1051
                                                                                                                                                                                APIs
                                                                                                                                                                                • CreateFileW.KERNEL32(00000000,40000000,00000001,00000000,00000002,00000080,00000000,3B919AFF,?,6CEF37E0,?), ref: 00D2F342
                                                                                                                                                                                • WriteFile.KERNEL32(00000000,?,0000C800,0000C800,00000000,?,?,0000C800), ref: 00D2F3D8
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,0000C800), ref: 00D2F44C
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: File$CloseCreateHandleWrite
                                                                                                                                                                                • String ID: <3
                                                                                                                                                                                • API String ID: 1065093856-878583566
                                                                                                                                                                                • Opcode ID: 362430c3bcb43d29954eb116994eac129062fb9f24a3d955a4c396fe2bb577ed
                                                                                                                                                                                • Instruction ID: e7cd5622c7747ce76a165f7eb6276fd083ff21a0378243045a965b38c125ba0a
                                                                                                                                                                                • Opcode Fuzzy Hash: 362430c3bcb43d29954eb116994eac129062fb9f24a3d955a4c396fe2bb577ed
                                                                                                                                                                                • Instruction Fuzzy Hash: 1C518F71A10218AFDF00DFA9ED45BDEBBB9FF58714F144269F410B7290DB74AA048BA4
                                                                                                                                                                                Function 00CDD1E0 Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 361COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • PathIsUNCW.SHLWAPI(?,?,00000000), ref: 00CDD2A1
                                                                                                                                                                                • SHGetSpecialFolderPathW.SHELL32(00000000,?,00000025,00000000,3B919AFF), ref: 00CDD500
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Path$FolderSpecial
                                                                                                                                                                                • String ID: USERPROFILE
                                                                                                                                                                                • API String ID: 1980328124-2419442777
                                                                                                                                                                                • Opcode ID: e818ef8ebe0ec4e7afceab339a8321b617010e79a66fd5e1c667239a35b71593
                                                                                                                                                                                • Instruction ID: a0038a8eb7c5018f4020079ad10053face16cc1a6b6a01bd619c85fb93ee8bbf
                                                                                                                                                                                • Opcode Fuzzy Hash: e818ef8ebe0ec4e7afceab339a8321b617010e79a66fd5e1c667239a35b71593
                                                                                                                                                                                • Instruction Fuzzy Hash: 8BB1E071E006199FDB10DF68C849B6EB7F4EF44314F14466EEA26EB391DB30AE048B91
                                                                                                                                                                                Function 00CDCB90 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 345COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00BCAB90: GetProcessHeap.KERNEL32 ref: 00BCABE5
                                                                                                                                                                                  • Part of subcall function 00BCAB90: __Init_thread_footer.LIBCMT ref: 00BCAC17
                                                                                                                                                                                  • Part of subcall function 00BCAB90: __Init_thread_footer.LIBCMT ref: 00BCACA2
                                                                                                                                                                                • PathIsUNCW.SHLWAPI(?,?), ref: 00CDCD26
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Init_thread_footer$HeapPathProcess
                                                                                                                                                                                • String ID: \\?\$\\?\UNC\
                                                                                                                                                                                • API String ID: 806983814-3019864461
                                                                                                                                                                                • Opcode ID: 82d1187e69fed149335a7d7c063be4f6c5a12710b23c1824898c47ea511e4d83
                                                                                                                                                                                • Instruction ID: 9ebe65077a479a9ebe10b37bb59a195d5cb4c0f2b09552361809559b941de4d9
                                                                                                                                                                                • Opcode Fuzzy Hash: 82d1187e69fed149335a7d7c063be4f6c5a12710b23c1824898c47ea511e4d83
                                                                                                                                                                                • Instruction Fuzzy Hash: F0C1907190060A9FDB00DBA8CC85BAEF7F9FF45314F14826AE525E7391EB749A04CB91
                                                                                                                                                                                Function 00D31F40 Relevance: 4.7, APIs: 3, Instructions: 212synchronizationCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00D325A0: OpenEventW.KERNEL32(00000000,00000000,3B919AFF,_pbl_evt,00000008,?,?,00E3B488,00000001,3B919AFF,00000000), ref: 00D3264E
                                                                                                                                                                                  • Part of subcall function 00D325A0: CreateEventW.KERNEL32(00000000,00000001,00000001,?), ref: 00D3266B
                                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,00000000,00000001,3B919AFF,?,00000000), ref: 00D31F8E
                                                                                                                                                                                • ResetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00E076C9,000000FF), ref: 00D31FA3
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Event$CreateObjectOpenResetSingleWait
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2109722436-0
                                                                                                                                                                                • Opcode ID: 025cec7cdb56ba7eecc800b16184c2a5e2dce7d4a137a3e9db27240dae703c95
                                                                                                                                                                                • Instruction ID: 98134880f43d91a8c0a6ad65edef0ad14c227093745b79783888df766076744d
                                                                                                                                                                                • Opcode Fuzzy Hash: 025cec7cdb56ba7eecc800b16184c2a5e2dce7d4a137a3e9db27240dae703c95
                                                                                                                                                                                • Instruction Fuzzy Hash: C081C171D00348DFDB04CFA8C945BAEBBB0FF55314F24825DE544AB292D775AA86CBA0
                                                                                                                                                                                Function 00DAA1EC Relevance: 4.7, APIs: 3, Instructions: 202COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • __freea.LIBCMT ref: 00DAA39B
                                                                                                                                                                                  • Part of subcall function 00DA8247: RtlAllocateHeap.NTDLL(00000000,00DAFD9E,?,?,00DAFD9E,00000220,?,?,?), ref: 00DA8279
                                                                                                                                                                                • __freea.LIBCMT ref: 00DAA3B0
                                                                                                                                                                                • __freea.LIBCMT ref: 00DAA3C0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: __freea$AllocateHeap
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2243444508-0
                                                                                                                                                                                • Opcode ID: 47b5fc825d2aef400779e659dfcba285d19912f2f601e218bd45b5ad872a54cd
                                                                                                                                                                                • Instruction ID: 6b0624c201cee0de6b4ab137e4dfc472e3fceb9fc741f236ff25efa4349fd12f
                                                                                                                                                                                • Opcode Fuzzy Hash: 47b5fc825d2aef400779e659dfcba285d19912f2f601e218bd45b5ad872a54cd
                                                                                                                                                                                • Instruction Fuzzy Hash: 65518D72600216AFEF21AFA89C81EAF77A9EF46750B190629FD08D6150E732CC10C672
                                                                                                                                                                                Function 00D01F00 Relevance: 4.7, APIs: 3, Instructions: 192fileCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • SetFilePointer.KERNEL32(?,?,?,00000000,3B919AFF,?,?), ref: 00D01F67
                                                                                                                                                                                • ReadFile.KERNEL32(?,00000000,00000018,?,00000000), ref: 00D02074
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: File$PointerRead
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3154509469-0
                                                                                                                                                                                • Opcode ID: 20727ab371b7d8ee6cc0a4e05007bdcbc26807bc037c829cdb13f037b437235b
                                                                                                                                                                                • Instruction ID: e64a2a3bf4b36209d043fd599fb684c8e1c765ee9e0c0ef419f3856ea217e177
                                                                                                                                                                                • Opcode Fuzzy Hash: 20727ab371b7d8ee6cc0a4e05007bdcbc26807bc037c829cdb13f037b437235b
                                                                                                                                                                                • Instruction Fuzzy Hash: 7A616271D016099FDB04CFA9C945B9DFBB4FF09320F14826AE925A73D0DB75AA04CB91
                                                                                                                                                                                Function 00D9B563 Relevance: 4.5, APIs: 3, Instructions: 15COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetCurrentProcess.KERNEL32(?,?,00D9B55D,?,?,?,?,3B919AFF), ref: 00D9B574
                                                                                                                                                                                • TerminateProcess.KERNEL32(00000000,?,00D9B55D,?,?,?,?,3B919AFF), ref: 00D9B57B
                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 00D9B58D
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1703294689-0
                                                                                                                                                                                • Opcode ID: 7ec442a659d628989783be3e6a583018d7ae6e7f2c865bd4967da8b62f165024
                                                                                                                                                                                • Instruction ID: 7205f077c3948d9ed39f155e4d5c6a65cf5f945fb0f852bcf147242b033af927
                                                                                                                                                                                • Opcode Fuzzy Hash: 7ec442a659d628989783be3e6a583018d7ae6e7f2c865bd4967da8b62f165024
                                                                                                                                                                                • Instruction Fuzzy Hash: 80D09E31000548AFCF812FA2EE0D9DD3F26EF44361B468111F90555031DF759996DB60
                                                                                                                                                                                Function 00CE0790 Relevance: 3.2, APIs: 2, Instructions: 186windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • SendMessageW.USER32(?,00000080,00000001,00000000), ref: 00CE0964
                                                                                                                                                                                • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00CE096F
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3850602802-0
                                                                                                                                                                                • Opcode ID: 7d2dfd62de718feb9f85a924d245eb1c87955ce0c787cb64e7dc64b86e1fe938
                                                                                                                                                                                • Instruction ID: 5e573e9ebb61739d0f81147e0a85fd189cbd4a37d2b6fe5a7133492c67ba3d31
                                                                                                                                                                                • Opcode Fuzzy Hash: 7d2dfd62de718feb9f85a924d245eb1c87955ce0c787cb64e7dc64b86e1fe938
                                                                                                                                                                                • Instruction Fuzzy Hash: DD51E872A002049FDB14DF69CC81B6EB7E9EB85310F24422AF914DB3C5DAB0AE4187E1
                                                                                                                                                                                Function 00DAFF9D Relevance: 3.2, APIs: 2, Instructions: 177COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00DAFACA: GetOEMCP.KERNEL32(00000000,?,?,?,?), ref: 00DAFAF5
                                                                                                                                                                                • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,?,?,?,?,00DAFDE1,?,00000000,?,?,?), ref: 00DAFFFE
                                                                                                                                                                                • GetCPInfo.KERNEL32(00000000,?,?,?,?,?,?,?,?,00DAFDE1,?,00000000,?,?,?), ref: 00DB0040
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CodeInfoPageValid
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 546120528-0
                                                                                                                                                                                • Opcode ID: 442e8ced373a6c99df61fa42f9774f0535771310ae4d7050b14ca99cb5e6f010
                                                                                                                                                                                • Instruction ID: 8366780b2c21f3256732ea06f2d91c98cc1fb59e9f1df5df7528635250655002
                                                                                                                                                                                • Opcode Fuzzy Hash: 442e8ced373a6c99df61fa42f9774f0535771310ae4d7050b14ca99cb5e6f010
                                                                                                                                                                                • Instruction Fuzzy Hash: CF510F70A003449EDB25DF7AC880BEBBFF4EF85300F18816AD08787251E6749946CBB0
                                                                                                                                                                                Function 00D0F310 Relevance: 3.2, APIs: 2, Instructions: 174registryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • RegQueryValueExW.KERNEL32(?,?,00000000,000000C8,00000000,000000C8,000000C8), ref: 00D0F37E
                                                                                                                                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000002,00000000,00000002,00000002,000000C8), ref: 00D0F3C0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: QueryValue
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3660427363-0
                                                                                                                                                                                • Opcode ID: 5a61ebb436d968948d86f73079030ab69e796b06cf4eff2aa9a14f4002049c38
                                                                                                                                                                                • Instruction ID: 1ea3d2f30c353564d8ca1966b942e0656889ec4d72a264dad2d73352552d97d9
                                                                                                                                                                                • Opcode Fuzzy Hash: 5a61ebb436d968948d86f73079030ab69e796b06cf4eff2aa9a14f4002049c38
                                                                                                                                                                                • Instruction Fuzzy Hash: 8F51C371901209ABDF21DFA4DC45BBFB7B8EF05314F240428ED15A7691EB35AA04CBB2
                                                                                                                                                                                Function 00C7F120 Relevance: 3.1, APIs: 2, Instructions: 70COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • IsWindow.USER32(00000004), ref: 00C7F16A
                                                                                                                                                                                • DestroyWindow.USER32(00000004,?,?,?,?,?,?,?,?,000000FF), ref: 00C7F177
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Window$Destroy
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3707531092-0
                                                                                                                                                                                • Opcode ID: a75e1177f060716297df4b9e46a19e1336ffbcccedcc27a05fa27956cbba3e00
                                                                                                                                                                                • Instruction ID: 823aa2c69b3895d2267a20698d29e20fdf0a6befecabed130e0488ff36b98687
                                                                                                                                                                                • Opcode Fuzzy Hash: a75e1177f060716297df4b9e46a19e1336ffbcccedcc27a05fa27956cbba3e00
                                                                                                                                                                                • Instruction Fuzzy Hash: B231BC70805649EFCB01DF68C909B8EFBF4BF05314F10869DE065A3A91DB74AA08DBD1
                                                                                                                                                                                Function 00DA9F58 Relevance: 3.0, APIs: 2, Instructions: 34COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • LCMapStringEx.KERNEL32(?,00DAA2DA,?,?,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00DA9F8C
                                                                                                                                                                                • LCMapStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,?,?,00DAA2DA,?,?,00000000,?,00000000), ref: 00DA9FAA
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: String
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2568140703-0
                                                                                                                                                                                • Opcode ID: 45c0cad590344142bdd151b6e5371f9296ac83b8393a77276706aa554ae2e944
                                                                                                                                                                                • Instruction ID: d6fc79d7e12c8511efa53bc2b79fef075367473bacad2aef825b4da5cde79402
                                                                                                                                                                                • Opcode Fuzzy Hash: 45c0cad590344142bdd151b6e5371f9296ac83b8393a77276706aa554ae2e944
                                                                                                                                                                                • Instruction Fuzzy Hash: F3F0683240411ABFCF125F91DC159DEBE66EF49360B098110BA1865030CA36D872EBA4
                                                                                                                                                                                Function 00DA820D Relevance: 3.0, APIs: 2, Instructions: 22memoryCOMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • RtlFreeHeap.NTDLL(00000000,00000000,?,00DB1120,?,00000000,?,?,00DB13C1,?,00000007,?,?,00DB1813,?,?), ref: 00DA8223
                                                                                                                                                                                • GetLastError.KERNEL32(?,?,00DB1120,?,00000000,?,?,00DB13C1,?,00000007,?,?,00DB1813,?,?), ref: 00DA822E
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorFreeHeapLast
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 485612231-0
                                                                                                                                                                                • Opcode ID: 8c8e6a62e26bc4024fd78344bff9900b9c4a2b952edd70dd094e0fab96ce2f3b
                                                                                                                                                                                • Instruction ID: 6256211f1e4726243f9a0d4cc00db331498af3128959d498cd28809b4e6507f7
                                                                                                                                                                                • Opcode Fuzzy Hash: 8c8e6a62e26bc4024fd78344bff9900b9c4a2b952edd70dd094e0fab96ce2f3b
                                                                                                                                                                                • Instruction Fuzzy Hash: 09E08631100A14AFDB112FB6FD0C7A53B59DB46351F148020F60896060DF30984497B4
                                                                                                                                                                                Function 00CC6270 Relevance: 2.6, APIs: 2, Instructions: 68COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,00000000,00000000,?,00000000,?,00000000,00DC225D,000000FF,?,80004005,?,?), ref: 00CC6288
                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,?,-00000001,?,80004005,?,?,?,00000000,00DF48ED,000000FF,?,00CC4B55), ref: 00CC62BA
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ByteCharMultiWide
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 626452242-0
                                                                                                                                                                                • Opcode ID: 564a2221b535174c1b8ad6fb44eb8557a1ac407f8dc39707189a8b3b856f1022
                                                                                                                                                                                • Instruction ID: 1360349ee8a87929aa0b496eb6f21c377705a300915c9324c5290bc59b973d4a
                                                                                                                                                                                • Opcode Fuzzy Hash: 564a2221b535174c1b8ad6fb44eb8557a1ac407f8dc39707189a8b3b856f1022
                                                                                                                                                                                • Instruction Fuzzy Hash: BC012232301115AFD6149B99DC89F5EF79AEFC4725F20812EF321AB2D0CA206D018BA4
                                                                                                                                                                                Function 00D217F0 Relevance: 1.7, APIs: 1, Instructions: 204COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 43d4683901067da7fd06d8db63a9c5d96580740d46cc95e886b22c82fc77238e
                                                                                                                                                                                • Instruction ID: 749a2d8f464142454b1f1838e3e398a29b72d60f35b2de5085151443a3742fb8
                                                                                                                                                                                • Opcode Fuzzy Hash: 43d4683901067da7fd06d8db63a9c5d96580740d46cc95e886b22c82fc77238e
                                                                                                                                                                                • Instruction Fuzzy Hash: 5651D0756006259FC710DF69D884A6AB7F4FF65324F088269ED269B261DB30ED44CBB0
                                                                                                                                                                                Function 00DAFB9E Relevance: 1.6, APIs: 1, Instructions: 147COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetCPInfo.KERNEL32(E8458D00,?,00DAFDED,00DAFDE1,00000000), ref: 00DAFBD0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Info
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1807457897-0
                                                                                                                                                                                • Opcode ID: 2218dacf7ab970637b34f30526fa10d795a0d644fe52fd5a587b4d789c32ae2b
                                                                                                                                                                                • Instruction ID: 359228557c3fe120301f8bba557bbeb35e69a591496a85cb89c1bc0f7b529638
                                                                                                                                                                                • Opcode Fuzzy Hash: 2218dacf7ab970637b34f30526fa10d795a0d644fe52fd5a587b4d789c32ae2b
                                                                                                                                                                                • Instruction Fuzzy Hash: 2E5169B190425C9ADF228B69CDC0AE67BB8EB57314F2405FDE49AC7182C335AD46DB30
                                                                                                                                                                                Function 00D21950 Relevance: 1.6, APIs: 1, Instructions: 84synchronizationCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,80004005,3B919AFF,?,?,00000000,?,?,00DB842D,000000FF,?), ref: 00D21962
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ObjectSingleWait
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 24740636-0
                                                                                                                                                                                • Opcode ID: e433020d6b15c8e95798c4a8711535dbf63402f3a9b6ecadd10a0d15d5d0b988
                                                                                                                                                                                • Instruction ID: 899442362d35ad631d51f1dadfb03131d5ebb97024c3f07f1cff9829fbbe22b4
                                                                                                                                                                                • Opcode Fuzzy Hash: e433020d6b15c8e95798c4a8711535dbf63402f3a9b6ecadd10a0d15d5d0b988
                                                                                                                                                                                • Instruction Fuzzy Hash: 522102352006355FC221AF99E480E56F7E8FF75308B06C129ED65A7212C760EC91CBF0
                                                                                                                                                                                Function 00D204E0 Relevance: 1.6, APIs: 1, Instructions: 73fileCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,?,00000010,?,00D034AD,?,00000000,00000000,?,?), ref: 00D204FD
                                                                                                                                                                                  • Part of subcall function 00BCA850: RtlAllocateHeap.NTDLL(?,00000000,?,3B919AFF,00000000,00DB7F70,000000FF,?,?,00E9F01C,?,00D219F5,8000000B), ref: 00BCA89A
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AllocateCreateFileHeap
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3125202945-0
                                                                                                                                                                                • Opcode ID: ecf51e5854318f1dcff1b7fa171acad557a3e51ccd39c2b3ed436944c8a09252
                                                                                                                                                                                • Instruction ID: 8bc4656d7a53112e881961c55d523b35e2becab593ea33ef8ae0471ce772f677
                                                                                                                                                                                • Opcode Fuzzy Hash: ecf51e5854318f1dcff1b7fa171acad557a3e51ccd39c2b3ed436944c8a09252
                                                                                                                                                                                • Instruction Fuzzy Hash: B021F634204B109FD324DF28D488B1ABBE1FF98304F24895DE59A9B361E731E981CFA5
                                                                                                                                                                                Function 00CDAC80 Relevance: 1.6, APIs: 1, Instructions: 69COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • RemoveDirectoryW.KERNEL32(00000000,?,3B919AFF,?,?,00000000,3B919AFF,00000000,?,00000000,00DF79E3,000000FF), ref: 00CDACDE
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DirectoryRemove
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 597925465-0
                                                                                                                                                                                • Opcode ID: 24ec45d106bdf6c3091900cde110d5edff339dfe19ac1b461ec338b2bdc912be
                                                                                                                                                                                • Instruction ID: a2280fe1bd5372fb8f858fe3ebb5c37bb14dfcac219b3fd01a6464d060a873f7
                                                                                                                                                                                • Opcode Fuzzy Hash: 24ec45d106bdf6c3091900cde110d5edff339dfe19ac1b461ec338b2bdc912be
                                                                                                                                                                                • Instruction Fuzzy Hash: 23219571900218DFCB25DF58D884AAEF7B4FB49720F1546AAED356B381DB349D04CB90
                                                                                                                                                                                Function 00CC2170 Relevance: 1.5, APIs: 1, Instructions: 40COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00D90372: EnterCriticalSection.KERNEL32(00EA7DCC,?,?,?,00BCAC36,00EA89FC,3B919AFF,?,?,00DB84ED,000000FF,?,00D21851,3B919AFF,?,?), ref: 00D9037D
                                                                                                                                                                                  • Part of subcall function 00D90372: LeaveCriticalSection.KERNEL32(00EA7DCC,?,00BCAC36,00EA89FC,3B919AFF,?,?,00DB84ED,000000FF,?,00D21851,3B919AFF,?,?,00000000,?), ref: 00D903BA
                                                                                                                                                                                • __Init_thread_footer.LIBCMT ref: 00CC21E2
                                                                                                                                                                                  • Part of subcall function 00D90328: EnterCriticalSection.KERNEL32(00EA7DCC,?,?,00BCACA7,00EA89FC,00E15FA0), ref: 00D90332
                                                                                                                                                                                  • Part of subcall function 00D90328: LeaveCriticalSection.KERNEL32(00EA7DCC,?,00BCACA7,00EA89FC,00E15FA0), ref: 00D90365
                                                                                                                                                                                  • Part of subcall function 00D90328: RtlWakeAllConditionVariable.NTDLL ref: 00D903DC
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2296764815-0
                                                                                                                                                                                • Opcode ID: 3bba610a05bba1b0f5f4ab867743a4e95c4619d3a087508358952c3a296ea1e0
                                                                                                                                                                                • Instruction ID: 71a7d5aa1b9d04b3f5a66e3268b8b852d8b9a0db120b5e2831bfce09232fdf11
                                                                                                                                                                                • Opcode Fuzzy Hash: 3bba610a05bba1b0f5f4ab867743a4e95c4619d3a087508358952c3a296ea1e0
                                                                                                                                                                                • Instruction Fuzzy Hash: E10184B1904704DFDB14DB58EC4AB1877A0E70E720F11433EF526A77D0D735BA048A21
                                                                                                                                                                                Function 00CE1DA0 Relevance: 1.5, APIs: 1, Instructions: 39COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00D90372: EnterCriticalSection.KERNEL32(00EA7DCC,?,?,?,00BCAC36,00EA89FC,3B919AFF,?,?,00DB84ED,000000FF,?,00D21851,3B919AFF,?,?), ref: 00D9037D
                                                                                                                                                                                  • Part of subcall function 00D90372: LeaveCriticalSection.KERNEL32(00EA7DCC,?,00BCAC36,00EA89FC,3B919AFF,?,?,00DB84ED,000000FF,?,00D21851,3B919AFF,?,?,00000000,?), ref: 00D903BA
                                                                                                                                                                                • __Init_thread_footer.LIBCMT ref: 00CE1E16
                                                                                                                                                                                  • Part of subcall function 00D90328: EnterCriticalSection.KERNEL32(00EA7DCC,?,?,00BCACA7,00EA89FC,00E15FA0), ref: 00D90332
                                                                                                                                                                                  • Part of subcall function 00D90328: LeaveCriticalSection.KERNEL32(00EA7DCC,?,00BCACA7,00EA89FC,00E15FA0), ref: 00D90365
                                                                                                                                                                                  • Part of subcall function 00D90328: RtlWakeAllConditionVariable.NTDLL ref: 00D903DC
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2296764815-0
                                                                                                                                                                                • Opcode ID: 987ee92e3badd904b3b84550987d64fdf46b29354014d7bd299e22e8b850ed05
                                                                                                                                                                                • Instruction ID: 9c305f3693e25117be35bdaacdc0527ed07ae8920f97e24e7dfb2532562e3d05
                                                                                                                                                                                • Opcode Fuzzy Hash: 987ee92e3badd904b3b84550987d64fdf46b29354014d7bd299e22e8b850ed05
                                                                                                                                                                                • Instruction Fuzzy Hash: F201F771B406449FC720DB59D91AB1973A4F70AB30F100739FD22AB3C1D7307A108671
                                                                                                                                                                                Function 00BCA850 Relevance: 1.5, APIs: 1, Instructions: 34memoryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00D91BFA: RaiseException.KERNEL32(E06D7363,00000001,00000003,?,?,00000000), ref: 00D91C5A
                                                                                                                                                                                • RtlAllocateHeap.NTDLL(?,00000000,?,3B919AFF,00000000,00DB7F70,000000FF,?,?,00E9F01C,?,00D219F5,8000000B), ref: 00BCA89A
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AllocateExceptionHeapRaise
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3789339297-0
                                                                                                                                                                                • Opcode ID: ee99d3a157cef9a5bbe977a8eb913921cd9835bf6ca4def2592776ad9e9efe9f
                                                                                                                                                                                • Instruction ID: 94f37a0fe39c950a4bbfabc284804a968257df2769b25cce82a9cd8802ee1335
                                                                                                                                                                                • Opcode Fuzzy Hash: ee99d3a157cef9a5bbe977a8eb913921cd9835bf6ca4def2592776ad9e9efe9f
                                                                                                                                                                                • Instruction Fuzzy Hash: DDF0E231604248FFCB04CF10DC01F96BBA9FB08B04F008529FA0592690DB36A8008A54
                                                                                                                                                                                Function 00DA8247 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000000,00DAFD9E,?,?,00DAFD9E,00000220,?,?,?), ref: 00DA8279
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                                                                • Opcode ID: cbe5db3b2a32aee6ae0f43ca3a2f663b93b8c2097f6a9f3cfe2493ee1efdada1
                                                                                                                                                                                • Instruction ID: a7f314243d43f5272372e9f42cea6d89981922ab6660d1e990a7a991f1eafde0
                                                                                                                                                                                • Opcode Fuzzy Hash: cbe5db3b2a32aee6ae0f43ca3a2f663b93b8c2097f6a9f3cfe2493ee1efdada1
                                                                                                                                                                                • Instruction Fuzzy Hash: 21E09B31545E205BDF212B66AD04BBF3649DF873A0F1D4121EC55960D0DF50DC0466F9
                                                                                                                                                                                Function 00DA5F5B Relevance: 1.5, APIs: 1, Instructions: 20COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: H_prolog3
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 431132790-0
                                                                                                                                                                                • Opcode ID: feff77aedb54a04cc4fa93b31517ef094c2cd9a118d6f43658f067a5eb909b3d
                                                                                                                                                                                • Instruction ID: 3d4140f6a9f3aba42f7b985ea5e6636a482a51dcc829fd63275195e46772b241
                                                                                                                                                                                • Opcode Fuzzy Hash: feff77aedb54a04cc4fa93b31517ef094c2cd9a118d6f43658f067a5eb909b3d
                                                                                                                                                                                • Instruction Fuzzy Hash: 2BE07576C0060EAEDF00DFD4D552AEEBBB8EB08310F504126A205E7141EA7497858FB1
                                                                                                                                                                                Function 00BC9590 Relevance: 1.3, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CloseHandle
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2962429428-0
                                                                                                                                                                                • Opcode ID: fdf070a9f1893507eb867526afe9885188f484b1778b3f1a7db05b174fa91849
                                                                                                                                                                                • Instruction ID: fc7177f9fd08994188886b029824dcf8ba427140ad962f9edc745a262ae092d6
                                                                                                                                                                                • Opcode Fuzzy Hash: fdf070a9f1893507eb867526afe9885188f484b1778b3f1a7db05b174fa91849
                                                                                                                                                                                • Instruction Fuzzy Hash: C3C08C302007104BE7304F18FA08B8232DC9F08701F01848EA409D3200CA70DC048658

                                                                                                                                                                                Non-executed Functions

                                                                                                                                                                                Function 00BC4772 Relevance: 145.9, Strings: 115, Instructions: 2113COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: 100$10000$100000$12000$120000$1500$15000$1500000$1800$2000$20000$200000$3000$30000$3000000$500$5000$6000$8000$AI_AppSearchEx$AI_ChainProductsPseudo$AI_CountRowAction$AI_DefaultActionCost$AI_DownloadPrereq$AI_ExtractPrereq$AI_Game$AI_GxInstall$AI_GxUninstall$AI_InstallPostPrerequisite$AI_InstallPrerequisite$AI_PreRequisite$AI_ProcessAccounts$AI_ProcessGroups$AI_ProcessTasks$AI_ScheduledTasks$AI_UninstallAccounts$AI_UninstallGroups$AI_UninstallTasks$AI_UserAccounts$AI_UserGroups$AI_XmlAttribute$AI_XmlElement$AI_XmlInstall$AI_XmlUninstall$AppId$BindImage$Complus$Component_$CreateFolder$CreateFolders$CreateShortcuts$DuplicateFile$DuplicateFiles$Environment$Extension$Feature$Feature_$File$FileSize$Font$IniFile$InstallFiles$InstallFinalize$InstallInitialize$InstallODBC$InstallServices$Location$MIME$MoveFile$MoveFiles$MsiAssembly$MsiConfigureServices$MsiPublishAssemblies$ODBCDataSource$ODBCDriver$ODBCTranslator$Options$Patch$PatchFiles$PatchSize$ProgId$PublishComponent$PublishComponents$PublishFeatures$RegisterClassInfo$RegisterComPlus$RegisterExtensionInfo$RegisterFonts$RegisterMIMEInfo$RegisterProgIdInfo$RegisterTypeLibraries$Registry$RemoveDuplicateFiles$RemoveEnvironmentStrings$RemoveFile$RemoveFiles$RemoveFolders$RemoveIniFile$RemoveIniValues$RemoveShortcuts$SelfReg$SelfRegModules$ServiceControl$ServiceInstall$Shortcut$StartServices$TypeLib$UnregisterClassInfo$UnregisterExtensionInfo$UnregisterMIMEInfo$UnregisterProgIdInfo$WriteEnvironmentStrings$WriteIniValues$WriteRegistryValues$~
                                                                                                                                                                                • API String ID: 0-2578128725
                                                                                                                                                                                • Opcode ID: ae003ba7657536c5db14b65e309ec99e74e9ca7e2c179ae0d6c6617795effc8d
                                                                                                                                                                                • Instruction ID: 5a1d05786f0e3200bd321a52bfd52363ccf2233dd895eac16e34405a3a65635a
                                                                                                                                                                                • Opcode Fuzzy Hash: ae003ba7657536c5db14b65e309ec99e74e9ca7e2c179ae0d6c6617795effc8d
                                                                                                                                                                                • Instruction Fuzzy Hash: 0623F810A44384DDE711DB756D1A75E3B915BAF304F2867ACF1903F2E2CBB42688D792
                                                                                                                                                                                Function 00BC2EA0 Relevance: 49.9, Strings: 39, Instructions: 1105COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: 12000$15000$2000$3000$30000$800$8000$AppSearch$Complus$Component$Component_$CostFinalize$CostInitialize$Feature$Feature_$File$FileCost$Font$InstallValidate$MsiUnpublishAssemblies$ODBCDataSource$ODBCDriver$ODBCTranslator$ProcessComponents$PublishComponent$Registry$RemoveExistingProducts$RemoveODBC$RemoveRegistry$RemoveRegistryValues$SelfReg$SelfUnregModules$ServiceControl$StopServices$UnpublishComponents$UnpublishFeatures$UnregisterComPlus$UnregisterFonts$u
                                                                                                                                                                                • API String ID: 0-3127294129
                                                                                                                                                                                • Opcode ID: a68a28d77e6360c7b6146851e7d4e2089dfba7e62ada634e9a2a10b6bffd2ca1
                                                                                                                                                                                • Instruction ID: c845353c5bc57026c186fb1c1cc4fdcb8761fad695faacd55c275f7cdf3c4af7
                                                                                                                                                                                • Opcode Fuzzy Hash: a68a28d77e6360c7b6146851e7d4e2089dfba7e62ada634e9a2a10b6bffd2ca1
                                                                                                                                                                                • Instruction Fuzzy Hash: D3C23160A543849EE341CB62ED567967BD1ABAF304F24A249E1043E2E3DBF935CCC791
                                                                                                                                                                                Function 00BEC363 Relevance: 44.8, APIs: 14, Strings: 11, Instructions: 1036memoryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00BEC38B
                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00BEC3BC
                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00BEC415
                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00BEC4C4
                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00BEC608
                                                                                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 00BEC619
                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00BEC663
                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00BEC68C
                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 00BEC697
                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00BEC7A5
                                                                                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 00BEC7B2
                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00BEC7FA
                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00BEC822
                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 00BEC82C
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ClearVariant$String$AllocFree
                                                                                                                                                                                • String ID: GetFontHeight$MessageBox$MsiEvaluateCondition$MsiGetBinaryPath$MsiGetBinaryPathIndirect$MsiGetBytesCountText$MsiGetFormattedError$MsiGetProperty$MsiPublishEvents$MsiResolveFormatted$MsiSetProperty
                                                                                                                                                                                • API String ID: 1305860026-3153392536
                                                                                                                                                                                • Opcode ID: d159a15141c8e96bb436078ff0d904b0bdeb91e8cb3d6c16d12293ea148d3bdb
                                                                                                                                                                                • Instruction ID: 6af39d8d2e5c101dde776e5ce9ea3897004c874ae087632be76151a1857060c2
                                                                                                                                                                                • Opcode Fuzzy Hash: d159a15141c8e96bb436078ff0d904b0bdeb91e8cb3d6c16d12293ea148d3bdb
                                                                                                                                                                                • Instruction Fuzzy Hash: 51928E71D102898FCB14DFA8CC85B9EBBF0FF59314F248259E415B7291EB74AA86CB50
                                                                                                                                                                                Function 00BFB720 Relevance: 39.6, APIs: 14, Strings: 8, Instructions: 1082stringthreadsleepCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • lstrcmpiW.KERNEL32(?,?,msix,00000004,?,?,?,?,?, ?(-|/)+q,00E27BC6), ref: 00BFBAEE
                                                                                                                                                                                • lstrcmpiW.KERNEL32(?,?,msixbundle,0000000A,msix,00000004,?,?,?,?,?, ?(-|/)+q,00E27BC6), ref: 00BFBC6E
                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 00BFBE2B
                                                                                                                                                                                • std::locale::_Init.LIBCPMT ref: 00BFB827
                                                                                                                                                                                  • Part of subcall function 00BCAB90: GetProcessHeap.KERNEL32 ref: 00BCABE5
                                                                                                                                                                                  • Part of subcall function 00BCAB90: __Init_thread_footer.LIBCMT ref: 00BCAC17
                                                                                                                                                                                  • Part of subcall function 00BCAB90: __Init_thread_footer.LIBCMT ref: 00BCACA2
                                                                                                                                                                                • Sleep.KERNEL32(000007D0,?,?,?,?,?,?,?,?,?,?, ?(-|/)+q,00E27BC6), ref: 00BFC183
                                                                                                                                                                                • std::_Throw_Cpp_error.LIBCPMT ref: 00BFC1EF
                                                                                                                                                                                • std::_Throw_Cpp_error.LIBCPMT ref: 00BFC1F6
                                                                                                                                                                                • std::_Throw_Cpp_error.LIBCPMT ref: 00BFC1FD
                                                                                                                                                                                • std::_Throw_Cpp_error.LIBCPMT ref: 00BFC213
                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 00BFC3FE
                                                                                                                                                                                • std::_Throw_Cpp_error.LIBCPMT ref: 00BFC50F
                                                                                                                                                                                • std::_Throw_Cpp_error.LIBCPMT ref: 00BFC516
                                                                                                                                                                                • std::_Throw_Cpp_error.LIBCPMT ref: 00BFC51D
                                                                                                                                                                                • std::_Throw_Cpp_error.LIBCPMT ref: 00BFC524
                                                                                                                                                                                  • Part of subcall function 00BE11B0: FindClose.KERNEL32(00000000,00000000,?,?,?,00CED167), ref: 00BE12EF
                                                                                                                                                                                  • Part of subcall function 00BE11B0: PathIsUNCW.SHLWAPI(?,*.*,00000000), ref: 00BE13A7
                                                                                                                                                                                  • Part of subcall function 00CDFDA0: FormatMessageW.KERNEL32(00001300,00000000,00000000,00000400,?,00000000,00000000,3B919AFF,?,00000000), ref: 00CDFDEB
                                                                                                                                                                                  • Part of subcall function 00CDFDA0: GetLastError.KERNEL32(?,00000000), ref: 00CDFDF5
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Cpp_errorThrow_std::_$CurrentInit_thread_footerThreadlstrcmpi$CloseErrorFindFormatHeapInitLastMessagePathProcessSleepstd::locale::_
                                                                                                                                                                                • String ID: ?(-|/)+q$($Launch failed. Error:$Launching file:$Return code of launched file:$appx$msix$msixbundle
                                                                                                                                                                                • API String ID: 3689723087-3482523422
                                                                                                                                                                                • Opcode ID: da87f2fa18caba50b9419258a95001a6a062d4b057ab09910651780b023ceb8e
                                                                                                                                                                                • Instruction ID: 78cf496a00f77934540ea2cd530f0bac3827c2cec52c7d630eefdb3b5bbff04b
                                                                                                                                                                                • Opcode Fuzzy Hash: da87f2fa18caba50b9419258a95001a6a062d4b057ab09910651780b023ceb8e
                                                                                                                                                                                • Instruction Fuzzy Hash: 9B929E71D0021CCFDB24DFA8C845BADBBB1EF55314F24829DE515A7292EB70AA89CB50
                                                                                                                                                                                Function 00BDF420 Relevance: 26.1, APIs: 17, Instructions: 611COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 00BDF458
                                                                                                                                                                                • GetWindowLongW.USER32(?,000000EB), ref: 00BDF4D3
                                                                                                                                                                                • ShowWindow.USER32(00000000,?), ref: 00BDF4F2
                                                                                                                                                                                • SetWindowLongW.USER32(?,000000EB,00000000), ref: 00BDF500
                                                                                                                                                                                • GetWindowRect.USER32(00000000,?), ref: 00BDF517
                                                                                                                                                                                • ShowWindow.USER32(00000000,?), ref: 00BDF538
                                                                                                                                                                                • SetWindowLongW.USER32(?,000000EB,?), ref: 00BDF54F
                                                                                                                                                                                  • Part of subcall function 00BCA850: RtlAllocateHeap.NTDLL(?,00000000,?,3B919AFF,00000000,00DB7F70,000000FF,?,?,00E9F01C,?,00D219F5,8000000B), ref: 00BCA89A
                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 00BDF608
                                                                                                                                                                                • ShowWindow.USER32(?,?), ref: 00BDF68D
                                                                                                                                                                                • GetWindowLongW.USER32(?,000000EB), ref: 00BDF6BC
                                                                                                                                                                                • ShowWindow.USER32(?,?), ref: 00BDF6D9
                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00BDF6FE
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Window$LongRectShow$Client$AllocateHeap
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2610838350-0
                                                                                                                                                                                • Opcode ID: a89d1ba9d49ec0ad9687284374c301f3c86a41924bbaa5d57cf6dfa6f997e09f
                                                                                                                                                                                • Instruction ID: 24f4e26c53b8ae491393006ae7238066ef750c51f3066875c659a445aff067e9
                                                                                                                                                                                • Opcode Fuzzy Hash: a89d1ba9d49ec0ad9687284374c301f3c86a41924bbaa5d57cf6dfa6f997e09f
                                                                                                                                                                                • Instruction Fuzzy Hash: 3E423971A082099FCB14CFA9D884AAEFBF5FF49304F10456EE856A7360E730A945CF51
                                                                                                                                                                                Function 00D0F8F0 Relevance: 24.8, APIs: 12, Strings: 2, Instructions: 264filetimeCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • InitializeCriticalSection.KERNEL32(00EA94D0,3B919AFF,00000010,?), ref: 00D0F92C
                                                                                                                                                                                  • Part of subcall function 00BCA140: FindResourceW.KERNEL32(00000000,?,00000006,00000000,00000000,00000000,00BCA2B8,-00000010,?,00000000), ref: 00BCA163
                                                                                                                                                                                • EnterCriticalSection.KERNEL32(?,3B919AFF,00000010,?), ref: 00D0F939
                                                                                                                                                                                • WriteFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 00D0F96B
                                                                                                                                                                                • FlushFileBuffers.KERNEL32(00000000,?,00000000,?,00000000), ref: 00D0F974
                                                                                                                                                                                • WriteFile.KERNEL32(00000000,00E01D8D,38E9084D,?,00000000,00E2326C,00000001,?,00000000,?,00000000), ref: 00D0F9F6
                                                                                                                                                                                • FlushFileBuffers.KERNEL32(00000000,?,00000000,?,00000000), ref: 00D0F9FF
                                                                                                                                                                                • WriteFile.KERNEL32(00000000,?,00000000,?,00000000,?,00000000,?,00000000), ref: 00D0FA35
                                                                                                                                                                                • FlushFileBuffers.KERNEL32(00000000,?,00000000,?,00000000,?,00000000,?,00000000), ref: 00D0FA3E
                                                                                                                                                                                • WriteFile.KERNEL32(00000000,00CF4613,94D0B9FF,?,00000000,00E25F30,00000002,?,00000000,?,00000000,?,00000000,?,00000000), ref: 00D0FA9F
                                                                                                                                                                                • FlushFileBuffers.KERNEL32(00000000,?,00000000,?,00000000,?,00000000,?,00000000), ref: 00D0FAA8
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(00000000,?,00000000,?,00000000,?,00000000,?,00000000), ref: 00D0FAD8
                                                                                                                                                                                  • Part of subcall function 00BCA850: RtlAllocateHeap.NTDLL(?,00000000,?,3B919AFF,00000000,00DB7F70,000000FF,?,?,00E9F01C,?,00D219F5,8000000B), ref: 00BCA89A
                                                                                                                                                                                • GetLocalTime.KERNEL32(?,3B919AFF), ref: 00D0FB6E
                                                                                                                                                                                  • Part of subcall function 00BCAB90: GetProcessHeap.KERNEL32 ref: 00BCABE5
                                                                                                                                                                                  • Part of subcall function 00BCAB90: __Init_thread_footer.LIBCMT ref: 00BCAC17
                                                                                                                                                                                  • Part of subcall function 00BCAB90: __Init_thread_footer.LIBCMT ref: 00BCACA2
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: File$BuffersFlushWrite$CriticalSection$HeapInit_thread_footer$AllocateEnterFindInitializeLeaveLocalProcessResourceTime
                                                                                                                                                                                • String ID: v$%04d-%02d-%02d %02d-%02d-%02d
                                                                                                                                                                                • API String ID: 4138224324-2546220813
                                                                                                                                                                                • Opcode ID: 903d0cf231610b7a081ecc02085b44b079fab589fcccd103eafc062f4c59ef28
                                                                                                                                                                                • Instruction ID: 4d80e05d14fad61029ea25d7edf2b50693c4a79388229a58d75118b0d111a2a0
                                                                                                                                                                                • Opcode Fuzzy Hash: 903d0cf231610b7a081ecc02085b44b079fab589fcccd103eafc062f4c59ef28
                                                                                                                                                                                • Instruction Fuzzy Hash: 99A1B071A00248EFDB10DFA9DD45BAEBBB8FF09310F148169F845A7291DB749D04CBA0
                                                                                                                                                                                Function 00BD5580 Relevance: 24.4, APIs: 16, Instructions: 389memorynativeCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00BD5A10: EnterCriticalSection.KERNEL32(00EAE7BC,3B919AFF,00000000,?,?,?,?,?,?,00BD523E,00DBB23D,000000FF), ref: 00BD5A4D
                                                                                                                                                                                  • Part of subcall function 00BD5A10: LoadCursorW.USER32(00000000,00007F00), ref: 00BD5AC8
                                                                                                                                                                                  • Part of subcall function 00BD5A10: LoadCursorW.USER32(00000000,00007F00), ref: 00BD5B6E
                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 00BD5623
                                                                                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 00BD5654
                                                                                                                                                                                • GetWindowLongW.USER32(?,000000EC), ref: 00BD572B
                                                                                                                                                                                • GetWindowLongW.USER32(?,000000EC), ref: 00BD573B
                                                                                                                                                                                • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00BD5746
                                                                                                                                                                                • NtdllDefWindowProc_W.NTDLL(?,?,00000001,?), ref: 00BD5754
                                                                                                                                                                                • GetWindowLongW.USER32(?,000000EB), ref: 00BD5762
                                                                                                                                                                                • GetWindowTextLengthW.USER32(?), ref: 00BD5786
                                                                                                                                                                                • SetWindowTextW.USER32(?,00E2329C), ref: 00BD5801
                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00BD5836
                                                                                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 00BD5844
                                                                                                                                                                                • GlobalUnlock.KERNEL32(?), ref: 00BD5898
                                                                                                                                                                                • SetWindowLongW.USER32(?,000000EB,00000000), ref: 00BD5923
                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 00BD593C
                                                                                                                                                                                • NtdllDefWindowProc_W.NTDLL(?,?,?,00000000), ref: 00BD5983
                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 00BD59A2
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Window$Long$String$FreeGlobal$AllocCursorLoadNtdllProc_Text$CriticalEnterLengthLockSectionUnlock
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1977690288-0
                                                                                                                                                                                • Opcode ID: 164065b196b0316007d1f0316ad44685dc83d1ba171b99d63e13db65aaedd0b1
                                                                                                                                                                                • Instruction ID: 2bc7be7b68b8377e33a4bee09018c8485f0768556c4d6f482aafb7ed4219e8ba
                                                                                                                                                                                • Opcode Fuzzy Hash: 164065b196b0316007d1f0316ad44685dc83d1ba171b99d63e13db65aaedd0b1
                                                                                                                                                                                • Instruction Fuzzy Hash: 99D1A171900609EFDB21DFA5CC48BAEBBF8EF49310F144199E911A7391E7799D04CBA1
                                                                                                                                                                                Function 00BE11B0 Relevance: 23.4, APIs: 10, Strings: 3, Instructions: 668fileCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • FindClose.KERNEL32(00000000,00000000,?,?,?,00CED167), ref: 00BE12EF
                                                                                                                                                                                • PathIsUNCW.SHLWAPI(?,*.*,00000000), ref: 00BE13A7
                                                                                                                                                                                • FindFirstFileW.KERNEL32(00000000,00000000,*.*,00000000), ref: 00BE14FC
                                                                                                                                                                                • GetFullPathNameW.KERNEL32(00000000,00000000,00000000,00000000), ref: 00BE1516
                                                                                                                                                                                • GetFullPathNameW.KERNEL32(00000000,00000000,?,00000000), ref: 00BE1549
                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00BE15B8
                                                                                                                                                                                • SetLastError.KERNEL32(0000007B), ref: 00BE15C6
                                                                                                                                                                                • _wcsrchr.LIBVCRUNTIME ref: 00BE161C
                                                                                                                                                                                • _wcsrchr.LIBVCRUNTIME ref: 00BE163C
                                                                                                                                                                                • PathIsUNCW.SHLWAPI(*.*,?,3B919AFF), ref: 00BE17D5
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Path$Find$CloseFullName_wcsrchr$ErrorFileFirstLast
                                                                                                                                                                                • String ID: *.*$\\?\$\\?\UNC\
                                                                                                                                                                                • API String ID: 1241272779-1700010636
                                                                                                                                                                                • Opcode ID: f8608be01b53d70ceefc2e375bb2b6de32f650eb1661b28d3fed4bd3afcf3726
                                                                                                                                                                                • Instruction ID: 77d488bea0cdbc8a6407b422c42ca5f81d61e5ff628dc8051643101fd8aff171
                                                                                                                                                                                • Opcode Fuzzy Hash: f8608be01b53d70ceefc2e375bb2b6de32f650eb1661b28d3fed4bd3afcf3726
                                                                                                                                                                                • Instruction Fuzzy Hash: F23201706006469FDB14DF6EC888B6EB7F5FF54314F248AACE8159B391EB71A904CB90
                                                                                                                                                                                Function 00CBC450 Relevance: 21.4, APIs: 9, Strings: 3, Instructions: 367windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000037), ref: 00CBC6D9
                                                                                                                                                                                • RedrawWindow.USER32(?,00000000,00000000,00000541), ref: 00CBC6EB
                                                                                                                                                                                • SendMessageW.USER32(?,00000443,00000000), ref: 00CBC743
                                                                                                                                                                                • GetDC.USER32(00000000), ref: 00CBC767
                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00CBC772
                                                                                                                                                                                • MulDiv.KERNEL32(?,00000000), ref: 00CBC77A
                                                                                                                                                                                • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,?), ref: 00CBC79F
                                                                                                                                                                                • GetObjectW.GDI32(00000000,0000005C,?), ref: 00CBC888
                                                                                                                                                                                • CreateFontIndirectW.GDI32(?), ref: 00CBC89C
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CreateFontWindow$CapsDeviceIndirectMessageObjectRedrawSend
                                                                                                                                                                                • String ID: NumberValidationTipMsg$NumberValidationTipTitle$Segoe UI
                                                                                                                                                                                • API String ID: 3757546181-2319862951
                                                                                                                                                                                • Opcode ID: b254ab042351b69505148fe42ad8f7bc4cbe8a2db5e1ee644d8b519e973692b3
                                                                                                                                                                                • Instruction ID: 7d167ec47d9e8db59caf7b0c4e30249c514637c59968bcf1aaa346b5e2a24846
                                                                                                                                                                                • Opcode Fuzzy Hash: b254ab042351b69505148fe42ad8f7bc4cbe8a2db5e1ee644d8b519e973692b3
                                                                                                                                                                                • Instruction Fuzzy Hash: 32D1C071A00705AFEB14CF34CC95BEEB7B1EF89300F108699E556A72D1DB746A49CBA0
                                                                                                                                                                                Function 00CBBCC0 Relevance: 19.7, APIs: 13, Instructions: 155windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • SendMessageW.USER32(?,00001036,00010000,00000000), ref: 00CBBD2B
                                                                                                                                                                                • GetParent.USER32(00000000), ref: 00CBBD7E
                                                                                                                                                                                • GetWindowRect.USER32(00000000), ref: 00CBBD81
                                                                                                                                                                                • GetParent.USER32(00000000), ref: 00CBBD90
                                                                                                                                                                                • GetDC.USER32(00000000), ref: 00CBBD93
                                                                                                                                                                                • CreateCompatibleDC.GDI32(00000000), ref: 00CBBDC0
                                                                                                                                                                                • CreateCompatibleBitmap.GDI32(00000000), ref: 00CBBDFF
                                                                                                                                                                                • SelectObject.GDI32(?,00000000), ref: 00CBBE10
                                                                                                                                                                                • MapWindowPoints.USER32(00000000,00000000,?,00000002), ref: 00CBBE26
                                                                                                                                                                                  • Part of subcall function 00C75DF0: IsWindowVisible.USER32(?), ref: 00C75E6A
                                                                                                                                                                                  • Part of subcall function 00C75DF0: GetWindowRect.USER32(?,?), ref: 00C75E82
                                                                                                                                                                                  • Part of subcall function 00C75DF0: GetWindowRect.USER32(?,?), ref: 00C75E9A
                                                                                                                                                                                  • Part of subcall function 00C75DF0: IntersectRect.USER32(?,?,?), ref: 00C75EB7
                                                                                                                                                                                  • Part of subcall function 00C75DF0: EqualRect.USER32(?,?), ref: 00C75EC7
                                                                                                                                                                                  • Part of subcall function 00C75DF0: GetSysColorBrush.USER32(0000000F), ref: 00C75EDD
                                                                                                                                                                                • FillRect.USER32(?,?,00000000), ref: 00CBBE3C
                                                                                                                                                                                • DeleteDC.GDI32(?), ref: 00CBBE5C
                                                                                                                                                                                • SendMessageW.USER32(?,00001026,00000000,000000FF), ref: 00CBBE80
                                                                                                                                                                                • SendMessageW.USER32(?,0000108A,00000000,00000011), ref: 00CBBE93
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Rect$Window$MessageSend$CompatibleCreateParent$BitmapBrushColorDeleteEqualFillIntersectObjectPointsSelectVisible
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2161025992-0
                                                                                                                                                                                • Opcode ID: bb267b98e980addfcb0bb54f9029fc07710fa89eca666d5b215bdae252cd4e0c
                                                                                                                                                                                • Instruction ID: 1084b21503059a0e1abe911c34de6bfeee384fa56fe48e2911f932b7637cf463
                                                                                                                                                                                • Opcode Fuzzy Hash: bb267b98e980addfcb0bb54f9029fc07710fa89eca666d5b215bdae252cd4e0c
                                                                                                                                                                                • Instruction Fuzzy Hash: 63515771D04608AFDB10DFA9CD44BDEBBF8AF5D710F14421AE855B7290E7706A848B60
                                                                                                                                                                                Function 00CEEAF0 Relevance: 19.1, APIs: 2, Strings: 8, Instructions: 1604fileCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00BCA850: RtlAllocateHeap.NTDLL(?,00000000,?,3B919AFF,00000000,00DB7F70,000000FF,?,?,00E9F01C,?,00D219F5,8000000B), ref: 00BCA89A
                                                                                                                                                                                  • Part of subcall function 00BCAB90: GetProcessHeap.KERNEL32 ref: 00BCABE5
                                                                                                                                                                                  • Part of subcall function 00BCAB90: __Init_thread_footer.LIBCMT ref: 00BCAC17
                                                                                                                                                                                  • Part of subcall function 00BCAB90: __Init_thread_footer.LIBCMT ref: 00BCACA2
                                                                                                                                                                                  • Part of subcall function 00BCA140: FindResourceW.KERNEL32(00000000,?,00000006,00000000,00000000,00000000,00BCA2B8,-00000010,?,00000000), ref: 00BCA163
                                                                                                                                                                                • CopyFileW.KERNEL32(?,?,00000000,00000000,00000000), ref: 00CEF078
                                                                                                                                                                                • CopyFileW.KERNEL32(?,?,00000000,00000000,00000000,?,?,?,?), ref: 00CEF579
                                                                                                                                                                                  • Part of subcall function 00CC6270: MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,00000000,00000000,?,00000000,?,00000000,00DC225D,000000FF,?,80004005,?,?), ref: 00CC6288
                                                                                                                                                                                  • Part of subcall function 00CC6270: MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,?,-00000001,?,80004005,?,?,?,00000000,00DF48ED,000000FF,?,00CC4B55), ref: 00CC62BA
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ByteCharCopyFileHeapInit_thread_footerMultiWide$AllocateFindProcessResource
                                                                                                                                                                                • String ID: AI_PRODUCTNAME_ARP$InstanceId$ProductCode$ProductName$\\?\$instname-custom.mst$instname-target.msi${%0.8X-%0.4X-%0.4X-%0.2X%0.2X-%0.2X%0.2X%0.2X%0.2X%0.2X%0.2X}
                                                                                                                                                                                • API String ID: 2868415777-2893908338
                                                                                                                                                                                • Opcode ID: f66e8abbc396f7c50a71854e1e85063902f534e803a060fb066ee285dcb7b1dc
                                                                                                                                                                                • Instruction ID: cd5d80f241d997e14f79d46926bac611e171e9c0657d89a7736b870f95295280
                                                                                                                                                                                • Opcode Fuzzy Hash: f66e8abbc396f7c50a71854e1e85063902f534e803a060fb066ee285dcb7b1dc
                                                                                                                                                                                • Instruction Fuzzy Hash: C4D2A0319016899FDB00DFA9C849BAEBBF4EF45314F1481ADE415EB292DB34DE05CBA1
                                                                                                                                                                                Function 00BD4E60 Relevance: 18.4, APIs: 12, Instructions: 416nativememoryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetWindowLongW.USER32(?,000000EC), ref: 00BD508B
                                                                                                                                                                                • GetWindowLongW.USER32(00000000,000000EC), ref: 00BD509B
                                                                                                                                                                                • SetWindowLongW.USER32(00000000,000000EC,00000000), ref: 00BD50A6
                                                                                                                                                                                • NtdllDefWindowProc_W.NTDLL(00000000,00000000,00000001,?), ref: 00BD50B4
                                                                                                                                                                                • GetWindowLongW.USER32(00000000,000000EB), ref: 00BD50C2
                                                                                                                                                                                • GetWindowTextLengthW.USER32(00000000), ref: 00BD50E6
                                                                                                                                                                                • SetWindowTextW.USER32(00000000,00E2329C), ref: 00BD5161
                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00BD5196
                                                                                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 00BD51A4
                                                                                                                                                                                • GlobalUnlock.KERNEL32(?), ref: 00BD51F8
                                                                                                                                                                                • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00BD525D
                                                                                                                                                                                • NtdllDefWindowProc_W.NTDLL(00000000,00000000,3B919AFF,00000000), ref: 00BD52AF
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Window$Long$Global$NtdllProc_Text$AllocLengthLockUnlock
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1270883422-0
                                                                                                                                                                                • Opcode ID: f7813b019f1d03832bb627ed5197631d1c08c50905d32224a5cc218231434087
                                                                                                                                                                                • Instruction ID: 22bd9d1d77f63084c057373993b09e9930c03bd019573ad792ecff40d0d465de
                                                                                                                                                                                • Opcode Fuzzy Hash: f7813b019f1d03832bb627ed5197631d1c08c50905d32224a5cc218231434087
                                                                                                                                                                                • Instruction Fuzzy Hash: 18E1D171A016069FDB20DF68CC44BAFBBE9EF49310F1441AAE915E7391EB74D904CBA1
                                                                                                                                                                                Function 00BEE230 Relevance: 18.1, APIs: 6, Strings: 4, Instructions: 639windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • SendMessageW.USER32(?,00001009,00000000,00000000), ref: 00BEE311
                                                                                                                                                                                  • Part of subcall function 00D90372: EnterCriticalSection.KERNEL32(00EA7DCC,?,?,?,00BCAC36,00EA89FC,3B919AFF,?,?,00DB84ED,000000FF,?,00D21851,3B919AFF,?,?), ref: 00D9037D
                                                                                                                                                                                  • Part of subcall function 00D90372: LeaveCriticalSection.KERNEL32(00EA7DCC,?,00BCAC36,00EA89FC,3B919AFF,?,?,00DB84ED,000000FF,?,00D21851,3B919AFF,?,?,00000000,?), ref: 00D903BA
                                                                                                                                                                                • __Init_thread_footer.LIBCMT ref: 00BEE2CE
                                                                                                                                                                                  • Part of subcall function 00D90328: EnterCriticalSection.KERNEL32(00EA7DCC,?,?,00BCACA7,00EA89FC,00E15FA0), ref: 00D90332
                                                                                                                                                                                  • Part of subcall function 00D90328: LeaveCriticalSection.KERNEL32(00EA7DCC,?,00BCACA7,00EA89FC,00E15FA0), ref: 00D90365
                                                                                                                                                                                  • Part of subcall function 00D90328: RtlWakeAllConditionVariable.NTDLL ref: 00D903DC
                                                                                                                                                                                • SendMessageW.USER32(?,0000104D,00000000,?), ref: 00BEE832
                                                                                                                                                                                • SendMessageW.USER32(?,0000102B,?,0000000F), ref: 00BEE8E0
                                                                                                                                                                                • SendMessageW.USER32(?,00001003,00000001,?), ref: 00BEE981
                                                                                                                                                                                  • Part of subcall function 00CD2170: __cftof.LIBCMT ref: 00CD21C0
                                                                                                                                                                                • SendMessageW.USER32(?,0000101E,00000000,0000FFFE), ref: 00BEEB09
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessageSend$CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake__cftof
                                                                                                                                                                                • String ID: AiFeatIco$Icon$d$d
                                                                                                                                                                                • API String ID: 2303580663-2874926508
                                                                                                                                                                                • Opcode ID: 588680d2e963e164696464f58918897a1f6f7fac87867dad5bf08f8700e94d48
                                                                                                                                                                                • Instruction ID: d74cd28e212aa1939c5f749f04e89f09079fb3bfab0cb8a967a5b7d27bbfdcc0
                                                                                                                                                                                • Opcode Fuzzy Hash: 588680d2e963e164696464f58918897a1f6f7fac87867dad5bf08f8700e94d48
                                                                                                                                                                                • Instruction Fuzzy Hash: 95527871900698CFDB24DB68CC88BDDBBF1EB49304F1445E9E45AAB291DB70AE84CF50
                                                                                                                                                                                Function 00CE29A0 Relevance: 18.1, APIs: 9, Strings: 1, Instructions: 581COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • __Init_thread_footer.LIBCMT ref: 00CE2B4D
                                                                                                                                                                                • __Init_thread_footer.LIBCMT ref: 00CE2CEC
                                                                                                                                                                                  • Part of subcall function 00D90372: EnterCriticalSection.KERNEL32(00EA7DCC,?,?,?,00BCAC36,00EA89FC,3B919AFF,?,?,00DB84ED,000000FF,?,00D21851,3B919AFF,?,?), ref: 00D9037D
                                                                                                                                                                                  • Part of subcall function 00D90372: LeaveCriticalSection.KERNEL32(00EA7DCC,?,00BCAC36,00EA89FC,3B919AFF,?,?,00DB84ED,000000FF,?,00D21851,3B919AFF,?,?,00000000,?), ref: 00D903BA
                                                                                                                                                                                • GetStdHandle.KERNEL32(000000F5,?,3B919AFF,?,?), ref: 00CE2D74
                                                                                                                                                                                • GetConsoleScreenBufferInfo.KERNEL32(00000000,?,?), ref: 00CE2D7B
                                                                                                                                                                                • GetStdHandle.KERNEL32(000000F5,0000000C,?,?), ref: 00CE2D8F
                                                                                                                                                                                • SetConsoleTextAttribute.KERNEL32(00000000,?,?), ref: 00CE2D96
                                                                                                                                                                                • GetStdHandle.KERNEL32(000000F5,000000FF,?,00000000,?,00000000,00E25F30,00000002,?,?), ref: 00CE2E25
                                                                                                                                                                                • SetConsoleTextAttribute.KERNEL32(00000000,?,?), ref: 00CE2E2C
                                                                                                                                                                                • IsWindow.USER32(00000000), ref: 00CE30BC
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ConsoleHandle$AttributeCriticalInit_thread_footerSectionText$BufferEnterInfoLeaveScreenWindow
                                                                                                                                                                                • String ID: Error
                                                                                                                                                                                • API String ID: 2811146417-2619118453
                                                                                                                                                                                • Opcode ID: 3d7d55168af9d6ffaf50228b4f39ebb70d1579571db871f3c4df618cc2d9ab65
                                                                                                                                                                                • Instruction ID: 506521ec5a12bf4a099a4712587c43988b7fd93446cdbd9648167db544953468
                                                                                                                                                                                • Opcode Fuzzy Hash: 3d7d55168af9d6ffaf50228b4f39ebb70d1579571db871f3c4df618cc2d9ab65
                                                                                                                                                                                • Instruction Fuzzy Hash: 7A429E71D00299CFDB24CFA9CC45B9DBBB4BF49314F248299E019B7291DB746A89CF60
                                                                                                                                                                                Function 00BEBC61 Relevance: 17.1, APIs: 11, Instructions: 591memoryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00BCAB90: GetProcessHeap.KERNEL32 ref: 00BCABE5
                                                                                                                                                                                  • Part of subcall function 00BCAB90: __Init_thread_footer.LIBCMT ref: 00BCAC17
                                                                                                                                                                                  • Part of subcall function 00BCAB90: __Init_thread_footer.LIBCMT ref: 00BCACA2
                                                                                                                                                                                • VariantClear.OLEAUT32 ref: 00BEBEED
                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00BEC04A
                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00BEC072
                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00BEBF1B
                                                                                                                                                                                  • Part of subcall function 00BCA140: FindResourceW.KERNEL32(00000000,?,00000006,00000000,00000000,00000000,00BCA2B8,-00000010,?,00000000), ref: 00BCA163
                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00BEBFEE
                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00BEC016
                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00BEC1EA
                                                                                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 00BEC1FB
                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00BEC245
                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00BEC26E
                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 00BEC279
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ClearVariant$Init_thread_footerString$AllocFindFreeHeapProcessResource
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3639656564-0
                                                                                                                                                                                • Opcode ID: 58702edc31afa1d5d932aa023db345649650615d96bb26bac13d1d43070dc302
                                                                                                                                                                                • Instruction ID: 43d3469b50958e9bbc90995991f18b6014529b795c3dd1d8e9f38ba00639e401
                                                                                                                                                                                • Opcode Fuzzy Hash: 58702edc31afa1d5d932aa023db345649650615d96bb26bac13d1d43070dc302
                                                                                                                                                                                • Instruction Fuzzy Hash: C922AF71D00249CFDB10DFA9CD44BAEBBF4EF48314F24829DE915A7252EB34AA45CB91
                                                                                                                                                                                Function 00BF84B0 Relevance: 16.6, APIs: 1, Strings: 8, Instructions: 843windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00BF84FC
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                • String ID: ' AND `Control_`='$AiTabPage$ControlEvent$Dialog$SpawnDialog$Title$Tt$`Dialog_`='
                                                                                                                                                                                • API String ID: 3850602802-2944959905
                                                                                                                                                                                • Opcode ID: dade70ab67b7243f50453d0a3329113ff2b4ec3d176f9dd1f062220429c8adf0
                                                                                                                                                                                • Instruction ID: 30414e13bdd6161166a439d9709b619b28f3b0166f300b194718a052537f9b73
                                                                                                                                                                                • Opcode Fuzzy Hash: dade70ab67b7243f50453d0a3329113ff2b4ec3d176f9dd1f062220429c8adf0
                                                                                                                                                                                • Instruction Fuzzy Hash: 5372C071D00258DFCB14DFA4C885BEDBBF1FF59304F248299E505AB291DB74AA85CBA0
                                                                                                                                                                                Function 00CC4260 Relevance: 16.0, APIs: 5, Strings: 4, Instructions: 248fileCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,00000000,00000000), ref: 00CC434F
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00CC4377
                                                                                                                                                                                • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,?), ref: 00CC43B9
                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00CC440E
                                                                                                                                                                                • ShellExecuteExW.SHELL32 ref: 00CC44A3
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CloseFileHandle$CreateExecuteShellWrite
                                                                                                                                                                                • String ID: .bat$EXE$open$runas
                                                                                                                                                                                • API String ID: 548387358-1492471297
                                                                                                                                                                                • Opcode ID: 3db8691e8d362f245b851effa97fe9004f1ebd32ed99b2bb18f901bc0342b596
                                                                                                                                                                                • Instruction ID: 69229b7771191740865070070cd0786e4e3b833b6edbe54bfeb49cfd63283f2a
                                                                                                                                                                                • Opcode Fuzzy Hash: 3db8691e8d362f245b851effa97fe9004f1ebd32ed99b2bb18f901bc0342b596
                                                                                                                                                                                • Instruction Fuzzy Hash: 42A16970901648DFEB14CFA9C958B9DBBB4BF49314F28C29DE415AB291DB749E08CB50
                                                                                                                                                                                Function 00BD7310 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 194comCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • CoCreateInstance.COMBASE(00E253E4,00000000,00000001,Function_00265A6C,?), ref: 00BD73E0
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CreateInstance
                                                                                                                                                                                • String ID: :${
                                                                                                                                                                                • API String ID: 542301482-3766677574
                                                                                                                                                                                • Opcode ID: dbfddbc2f6fcce8a1a284138d26c65f5a01b7791ff82bab55bf3ae3de4753268
                                                                                                                                                                                • Instruction ID: 031e556c143b5a2f8f5f6cc14665688c7544d601f0744f9dc32cd3a84067c63a
                                                                                                                                                                                • Opcode Fuzzy Hash: dbfddbc2f6fcce8a1a284138d26c65f5a01b7791ff82bab55bf3ae3de4753268
                                                                                                                                                                                • Instruction Fuzzy Hash: E661A270A442159ACF248F689895BFEFBE4EB09724F14449AE802EB380FB75DC40CB65
                                                                                                                                                                                Function 00CF3B50 Relevance: 14.9, APIs: 3, Strings: 5, Instructions: 865COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetShortPathNameW.KERNEL32(3B919AFF,00000000,00000000), ref: 00CF3BB0
                                                                                                                                                                                Strings
                                                                                                                                                                                • appx, xrefs: 00CF4660
                                                                                                                                                                                • WindowsPowerShell\v1.0\powershell.exe, xrefs: 00CF4B2C
                                                                                                                                                                                • Remove-AppxPackage "%s" exit $error.count, xrefs: 00CF4A7D
                                                                                                                                                                                • %s_%s_%s_%s_%s, xrefs: 00CF4A65
                                                                                                                                                                                • Add-AppxPackage -Path "%s" exit $error.count, xrefs: 00CF4987
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: NamePathShort
                                                                                                                                                                                • String ID: %s_%s_%s_%s_%s$Add-AppxPackage -Path "%s" exit $error.count$Remove-AppxPackage "%s" exit $error.count$WindowsPowerShell\v1.0\powershell.exe$appx
                                                                                                                                                                                • API String ID: 1295925010-2596435353
                                                                                                                                                                                • Opcode ID: 91282dc049fec9ca8dc14c4a686ee8d762cea8f3e8f0bc4db1dab2b8738eac25
                                                                                                                                                                                • Instruction ID: 1a703cbba581dadd6947cb9eae7a48948aa5ebdcc9f1ad533e40db446dc7e05b
                                                                                                                                                                                • Opcode Fuzzy Hash: 91282dc049fec9ca8dc14c4a686ee8d762cea8f3e8f0bc4db1dab2b8738eac25
                                                                                                                                                                                • Instruction Fuzzy Hash: 1872EF30901249DFDB18DB68CC58BAEB7F4AF05314F1482EDE515A7292EB70AF44CB91
                                                                                                                                                                                Function 00BE9650 Relevance: 13.3, Strings: 10, Instructions: 770COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: $AI_DynInstances$AI_GenNewCompGuids$AI_MajorUpgrades$InstanceId$Manufacturer$OldProductCode$ProductCode$ProductVersion$UpgradeCode
                                                                                                                                                                                • API String ID: 0-614494711
                                                                                                                                                                                • Opcode ID: 70742491a2395879072ba5bf86dc0f117e8eab29711a67f97dba8482b456c4b8
                                                                                                                                                                                • Instruction ID: 13e7bc1a4595942ee0840953655cd23d509fa84430b9b56b1a4075547a4db6f4
                                                                                                                                                                                • Opcode Fuzzy Hash: 70742491a2395879072ba5bf86dc0f117e8eab29711a67f97dba8482b456c4b8
                                                                                                                                                                                • Instruction Fuzzy Hash: 5F62BF31D00298CBDB14DB64CC94BEEBBF5EF55304F2482D9E406B7291DB746A89CBA1
                                                                                                                                                                                Function 00BE4B30 Relevance: 11.2, APIs: 2, Strings: 4, Instructions: 694COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: AI_CONTROL_VISUAL_STYLE$AI_CONTROL_VISUAL_STYLE_EX$AI_NO_BORDER_HOVER$AI_NO_BORDER_NORMAL
                                                                                                                                                                                • API String ID: 0-932585912
                                                                                                                                                                                • Opcode ID: debf312ce31bc7312d89d5ccd2e1f70439302544aae6cf781912094c6b8a6776
                                                                                                                                                                                • Instruction ID: f3e5cb8e2888d683f9d2ace36bb4624ac141fe059e7c9f1a5627ba891ee5a4cb
                                                                                                                                                                                • Opcode Fuzzy Hash: debf312ce31bc7312d89d5ccd2e1f70439302544aae6cf781912094c6b8a6776
                                                                                                                                                                                • Instruction Fuzzy Hash: 12423271D006688FDB18CF69CC94BAEB7F1FF85304F148299E455AB382C774AA45CBA1
                                                                                                                                                                                Function 00DB328A Relevance: 10.2, APIs: 1, Strings: 4, Instructions: 1436COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: __floor_pentium4
                                                                                                                                                                                • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                • API String ID: 4168288129-2761157908
                                                                                                                                                                                • Opcode ID: 0ad045bbd67e6328bb61e7be0288c8226ef6cf3444afe273d1b719c1ebe6e2ff
                                                                                                                                                                                • Instruction ID: 330fca08cabb22bdbd7960fd6dea727f674d480004065a121016a2680f103b2b
                                                                                                                                                                                • Opcode Fuzzy Hash: 0ad045bbd67e6328bb61e7be0288c8226ef6cf3444afe273d1b719c1ebe6e2ff
                                                                                                                                                                                • Instruction Fuzzy Hash: BBD23971E08228CFDB65CE28CD407EAB7B5EB45305F1841EAD44EE7241DB78AE859F60
                                                                                                                                                                                Function 00CDC040 Relevance: 9.3, APIs: 6, Instructions: 321fileCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • _wcsrchr.LIBVCRUNTIME ref: 00CDC098
                                                                                                                                                                                  • Part of subcall function 00BCAB90: GetProcessHeap.KERNEL32 ref: 00BCABE5
                                                                                                                                                                                  • Part of subcall function 00BCAB90: __Init_thread_footer.LIBCMT ref: 00BCAC17
                                                                                                                                                                                  • Part of subcall function 00BCAB90: __Init_thread_footer.LIBCMT ref: 00BCACA2
                                                                                                                                                                                • FindFirstFileW.KERNEL32(?,00000000), ref: 00CDC198
                                                                                                                                                                                • FindFirstFileW.KERNEL32(?,00000000,0000002A,?,00000000), ref: 00CDC235
                                                                                                                                                                                • FindClose.KERNEL32(00000000,?,00000000), ref: 00CDC25B
                                                                                                                                                                                • FindClose.KERNEL32(00000000,?,00000000), ref: 00CDC2A5
                                                                                                                                                                                • _wcsrchr.LIBVCRUNTIME ref: 00CDC329
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Find$CloseFileFirstInit_thread_footer_wcsrchr$HeapProcess
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2593539128-0
                                                                                                                                                                                • Opcode ID: 69d57e75ca9b83ad4dcbce26c5cfbc5a78e2cbeb4f8d267211d09174f0f786e8
                                                                                                                                                                                • Instruction ID: cf7920cc59ff9bf9d1ea1db3ec586cb39ef35505b2af84f7eed9b7b50531bcb2
                                                                                                                                                                                • Opcode Fuzzy Hash: 69d57e75ca9b83ad4dcbce26c5cfbc5a78e2cbeb4f8d267211d09174f0f786e8
                                                                                                                                                                                • Instruction Fuzzy Hash: 84A1B271A0020A9FDB10DF68CC85BAEB7F5FF85314F10866AE925D7381E7759A04CB90
                                                                                                                                                                                Function 00D208C0 Relevance: 9.2, APIs: 6, Instructions: 203fileCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • FindFirstFileW.KERNEL32(?,00000000,-00000010,?,3B919AFF,?,00000000,00000000), ref: 00D20991
                                                                                                                                                                                • FindNextFileW.KERNEL32(?,00000000), ref: 00D209AC
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FileFind$FirstNext
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1690352074-0
                                                                                                                                                                                • Opcode ID: 7ea9d1ae2234aa92a602aa2f12cc0181d77baf8b1914cf87f192c0e8c55883b5
                                                                                                                                                                                • Instruction ID: 5d6b921f8e64a24264b820e2ef272c8b109974f3e0d93b350ce26c513649a9a2
                                                                                                                                                                                • Opcode Fuzzy Hash: 7ea9d1ae2234aa92a602aa2f12cc0181d77baf8b1914cf87f192c0e8c55883b5
                                                                                                                                                                                • Instruction Fuzzy Hash: 79717C7190124DDFDB10DFA8D948BDEBBB4FF58314F188159E815AB292DB349E04CB61
                                                                                                                                                                                Function 00CC1130 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 387fileCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetShortPathNameW.KERNEL32(?,?,00000105), ref: 00CC1254
                                                                                                                                                                                • FindFirstFileW.KERNEL32(?,?,?,3B919AFF,?), ref: 00CC14DC
                                                                                                                                                                                • FindNextFileW.KERNEL32(000000FF,00000010,?,3B919AFF,?), ref: 00CC1633
                                                                                                                                                                                • FindClose.KERNEL32(000000FF,?,?,3B919AFF,?), ref: 00CC1692
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Find$File$CloseFirstNameNextPathShort
                                                                                                                                                                                • String ID: \\?\
                                                                                                                                                                                • API String ID: 3979292098-4282027825
                                                                                                                                                                                • Opcode ID: d8f76430ff833fba03a663ebd8bc7396c455e1de9457dbba948d4f79f183e405
                                                                                                                                                                                • Instruction ID: 785a89288794e475f3469d27f0a1c3937ae2f6eb0551e7d0a5b7f069e7ad03f4
                                                                                                                                                                                • Opcode Fuzzy Hash: d8f76430ff833fba03a663ebd8bc7396c455e1de9457dbba948d4f79f183e405
                                                                                                                                                                                • Instruction Fuzzy Hash: 0DF1B170D002199FDB24DF68CC99BAEB7B4FF45304F14829DE819A7291EB74AA84CF50
                                                                                                                                                                                Function 00D8F9A7 Relevance: 9.0, APIs: 6, Instructions: 41memoryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • IsProcessorFeaturePresent.KERNEL32(0000000C,00D8F8C3,00000000,?,00D8FA5B,00000000,?,?,00BD7074,?), ref: 00D8F9A9
                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,00000008,00000000,00000000,?,?,00BD7074,?), ref: 00D8F9D0
                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,?,00BD7074,?), ref: 00D8F9D7
                                                                                                                                                                                • InitializeSListHead.KERNEL32(00000000,?,?,00BD7074,?), ref: 00D8F9E4
                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,?,00BD7074,?), ref: 00D8F9F9
                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,?,00BD7074,?), ref: 00D8FA00
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Heap$Process$AllocFeatureFreeHeadInitializeListPresentProcessor
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1475849761-0
                                                                                                                                                                                • Opcode ID: 84c30a9521fe740d7e2af317c0c147a7292cb8209228eb34005d2d9d94289de9
                                                                                                                                                                                • Instruction ID: d41b2834f7c85935eada6cefe90a93d336aa58abcdd4466ea7e1774621b305e2
                                                                                                                                                                                • Opcode Fuzzy Hash: 84c30a9521fe740d7e2af317c0c147a7292cb8209228eb34005d2d9d94289de9
                                                                                                                                                                                • Instruction Fuzzy Hash: 52F0AF316006019FE721EF3AAD08B5637E9EF9DB22F054428E986E3260DF70D4088B60
                                                                                                                                                                                Function 00DA839A Relevance: 6.3, APIs: 4, Instructions: 337COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _strrchr
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3213747228-0
                                                                                                                                                                                • Opcode ID: 5a9a9956dbb4f30dde4c6d8c4787ddd4143f3db839e907bf4e58a5d4c0a3350e
                                                                                                                                                                                • Instruction ID: bdf369eefa9b6eedeee1492b93a33906d27ab8088d5d5654acc8c76e187e0dfc
                                                                                                                                                                                • Opcode Fuzzy Hash: 5a9a9956dbb4f30dde4c6d8c4787ddd4143f3db839e907bf4e58a5d4c0a3350e
                                                                                                                                                                                • Instruction Fuzzy Hash: 05B13772D042469FEB158F68C8817EEBBE5EF5A300F188169ED05AB241DA74DD01DBB0
                                                                                                                                                                                Function 00BE2C90 Relevance: 6.1, APIs: 4, Instructions: 87timeCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • KillTimer.USER32(00000003,00000001,3B919AFF,?,?,?,?,00DBD5E4,000000FF), ref: 00BE2CD1
                                                                                                                                                                                • GetWindowLongW.USER32(00000003,000000FC), ref: 00BE2CE6
                                                                                                                                                                                • SetWindowLongW.USER32(00000003,000000FC,?), ref: 00BE2CF8
                                                                                                                                                                                • DeleteCriticalSection.KERNEL32(?,3B919AFF,?,?,?,?,00DBD5E4,000000FF), ref: 00BE2D23
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: LongWindow$CriticalDeleteKillSectionTimer
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1032004442-0
                                                                                                                                                                                • Opcode ID: 92615f801f573c26c00f2c34607ba0670955644017790632248f692e389ba470
                                                                                                                                                                                • Instruction ID: cfb7bad7fb08f1b4a1886f03e4851f0ad1b2e0732d5de50b121e5a034678f7a2
                                                                                                                                                                                • Opcode Fuzzy Hash: 92615f801f573c26c00f2c34607ba0670955644017790632248f692e389ba470
                                                                                                                                                                                • Instruction Fuzzy Hash: 4531E271904646AFCB11DF29CC04B59BBE8FF0A320F248269E864A3691E771E914CBA0
                                                                                                                                                                                Function 00BF73A0 Relevance: 5.4, Strings: 4, Instructions: 364COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: <> "$ = "$Hide$Show
                                                                                                                                                                                • API String ID: 0-289022205
                                                                                                                                                                                • Opcode ID: de5acd460b2d77ebb5b978d5ac289442d4386e31fe2cfa97dbc9666d3ecfe68e
                                                                                                                                                                                • Instruction ID: efa9847664e9aebe7222e4961472f5bdca00d27dda1a713ca5de585e9d641700
                                                                                                                                                                                • Opcode Fuzzy Hash: de5acd460b2d77ebb5b978d5ac289442d4386e31fe2cfa97dbc9666d3ecfe68e
                                                                                                                                                                                • Instruction Fuzzy Hash: 26F17C70D04258DFDB14DF64C854BADBBB0FF55304F2086D9E5097B292EB71AA88CBA0
                                                                                                                                                                                Function 00BC7480 Relevance: 4.7, APIs: 3, Instructions: 205COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetVersionExW.KERNEL32 ref: 00D899C8
                                                                                                                                                                                • GetVersionExW.KERNEL32(?), ref: 00D89A13
                                                                                                                                                                                • IsProcessorFeaturePresent.KERNEL32(00000011), ref: 00D89A27
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Version$FeaturePresentProcessor
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1871528217-0
                                                                                                                                                                                • Opcode ID: 3cec270c207bee37076af1e938d76e5f015f1800b336e81eb1872ecce13ba502
                                                                                                                                                                                • Instruction ID: 6dc54a4376d7ff3796b3226b63e4db6f134bc3a88cc35413ce52a15900e7620a
                                                                                                                                                                                • Opcode Fuzzy Hash: 3cec270c207bee37076af1e938d76e5f015f1800b336e81eb1872ecce13ba502
                                                                                                                                                                                • Instruction Fuzzy Hash: 8C611672B042244FE708DF2E8C956BABBD5EBC9341F09463EE486D7291D678D509CBB0
                                                                                                                                                                                Function 00BDEFE0 Relevance: 4.6, APIs: 3, Instructions: 93COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • IsWindow.USER32(00000004), ref: 00BDF02E
                                                                                                                                                                                • GetWindowLongW.USER32(00000004,000000FC), ref: 00BDF047
                                                                                                                                                                                • SetWindowLongW.USER32(00000004,000000FC,?), ref: 00BDF059
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Window$Long
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 847901565-0
                                                                                                                                                                                • Opcode ID: 19405f7f7208ef1add8565abaeea00b47cb1974ed57b7181042e1bb12c54157e
                                                                                                                                                                                • Instruction ID: 19b787a784c6932a6bf835b4525ec86c153910ffd59c2a8b13a70d0b8a7472d5
                                                                                                                                                                                • Opcode Fuzzy Hash: 19405f7f7208ef1add8565abaeea00b47cb1974ed57b7181042e1bb12c54157e
                                                                                                                                                                                • Instruction Fuzzy Hash: 6141ACB0604602EFDB14DF65C908B6AFBF4FF09324F1042A9E46597790E776A914CB90
                                                                                                                                                                                Function 00D950F3 Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 00D951EB
                                                                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00D951F5
                                                                                                                                                                                • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 00D95202
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3906539128-0
                                                                                                                                                                                • Opcode ID: c1043c2ed3f873f5024e6dbd3302a3a3f4eff8e8585ad88d22eea12e8e750e77
                                                                                                                                                                                • Instruction ID: a5507a7d35e5c66e38cda7be2887db442d0a0f20efc2dba2741697eed8da8ff0
                                                                                                                                                                                • Opcode Fuzzy Hash: c1043c2ed3f873f5024e6dbd3302a3a3f4eff8e8585ad88d22eea12e8e750e77
                                                                                                                                                                                • Instruction Fuzzy Hash: 6A31D374941219ABCF21DF24D9897CDBBB8FF18310F5041EAE51CA6261EB709B858F64
                                                                                                                                                                                Function 00BCA000 Relevance: 4.6, APIs: 3, Instructions: 65COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadResource.KERNEL32(00000000,00000000,3B919AFF,00000001,00000000,?,00000000,00DB7D20,000000FF,?,00BC9FAC,?,?,00BCA150,00000000,00000000), ref: 00BCA02B
                                                                                                                                                                                • LockResource.KERNEL32(00000000,?,00BC9FAC,?,?,00BCA150,00000000,00000000,00000000,00BCA2B8,-00000010,?,00000000), ref: 00BCA036
                                                                                                                                                                                • SizeofResource.KERNEL32(00000000,00000000,?,00BC9FAC,?,?,00BCA150,00000000,00000000,00000000,00BCA2B8,-00000010,?,00000000), ref: 00BCA044
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Resource$LoadLockSizeof
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2853612939-0
                                                                                                                                                                                • Opcode ID: acfd81c779ce0c4e3651458c66467fb363aee73e1cba33c2525e1728ca1c411a
                                                                                                                                                                                • Instruction ID: 89f501597e079440a1aab26ed1d74e59691ae27323f5abd11d41757cea283dd0
                                                                                                                                                                                • Opcode Fuzzy Hash: acfd81c779ce0c4e3651458c66467fb363aee73e1cba33c2525e1728ca1c411a
                                                                                                                                                                                • Instruction Fuzzy Hash: 1611E372A046589FC7348F69DC44F66F7E8EB88765F004A6EEC1AD3240EA35AC0486A4
                                                                                                                                                                                Function 00BD7B50 Relevance: 4.5, APIs: 3, Instructions: 28COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetWindowLongW.USER32(0000001B,000000FC), ref: 00BD7B69
                                                                                                                                                                                • SetWindowLongW.USER32(0000001B,000000FC,?), ref: 00BD7B77
                                                                                                                                                                                • DestroyWindow.USER32(0000001B), ref: 00BD7BA3
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Window$Long$Destroy
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3055081903-0
                                                                                                                                                                                • Opcode ID: 2f46acbb793d594536fcd92f0b31b94e09b13200943238bc954e9602ba2dfd6b
                                                                                                                                                                                • Instruction ID: 24d3bdb5d14edc05674f5ab069dfe6eb8d9493aad8249499b224df8b27e5974a
                                                                                                                                                                                • Opcode Fuzzy Hash: 2f46acbb793d594536fcd92f0b31b94e09b13200943238bc954e9602ba2dfd6b
                                                                                                                                                                                • Instruction Fuzzy Hash: 19F01D31008A119FDB60AB29ED04B92BFE0BF09725F14475EE4FA915F0EB70A804DB14
                                                                                                                                                                                Function 00BE9023 Relevance: 4.1, Strings: 3, Instructions: 390COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: AI_EXIST_INSTANCES$AI_EXIST_NEW_INSTANCES$MultipleInstancesProps
                                                                                                                                                                                • API String ID: 0-1712414938
                                                                                                                                                                                • Opcode ID: 0aad34f096b44584a00ceed94ff620b23672fc005207fb6934e557068f6cdfd5
                                                                                                                                                                                • Instruction ID: 6ebb4a1a469096222cca6f5a1922fc9af79a060e0bd84096f46e12913d5774ad
                                                                                                                                                                                • Opcode Fuzzy Hash: 0aad34f096b44584a00ceed94ff620b23672fc005207fb6934e557068f6cdfd5
                                                                                                                                                                                • Instruction Fuzzy Hash: 3FF1D371D002499FDF08DFA4C899BEEBBB1EF55314F24829CE105B7291D7746A88CB91
                                                                                                                                                                                Function 00D35F00 Relevance: 4.1, Strings: 3, Instructions: 314COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: ) AND ( $Show$gfff
                                                                                                                                                                                • API String ID: 0-344708357
                                                                                                                                                                                • Opcode ID: b68dad300180224dd79cfd3501caee17935342b959ac3e229b31a4e56a620801
                                                                                                                                                                                • Instruction ID: 42bfdd4ce70e01cee7966c579fcad40acf2598a2b588614aed0abed009e7382d
                                                                                                                                                                                • Opcode Fuzzy Hash: b68dad300180224dd79cfd3501caee17935342b959ac3e229b31a4e56a620801
                                                                                                                                                                                • Instruction Fuzzy Hash: C1D17971905258DFDB24CF68C845BAEBBF1BF45304F1486DDE449AB281DB70AA84CFA1
                                                                                                                                                                                Function 00BE8E20 Relevance: 4.0, Strings: 3, Instructions: 271COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Init_thread_footer
                                                                                                                                                                                • String ID: AI_EXIST_NEW_INSTANCES$MultipleInstances$MultipleInstancesProps
                                                                                                                                                                                • API String ID: 1385522511-2502364140
                                                                                                                                                                                • Opcode ID: a6784d0e05bbbf51652e25a1c311ddc6c66076ec6a293f0278fc4be8c04413d4
                                                                                                                                                                                • Instruction ID: 32cc7c1ddc02da7d38fd0c710ade42fe198f79d99bbd9d384bcb32b3c0f12c83
                                                                                                                                                                                • Opcode Fuzzy Hash: a6784d0e05bbbf51652e25a1c311ddc6c66076ec6a293f0278fc4be8c04413d4
                                                                                                                                                                                • Instruction Fuzzy Hash: 11B15C70D00288EFDB04DFA4C945BDEBBF1EF59314F244299E115BB291DBB46A88CB91
                                                                                                                                                                                Function 00DA0040 Relevance: 3.4, APIs: 2, Instructions: 449COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 832ffafa89fc57beda716dce77b95418215a364c390a83f0d99b221e7f9869f1
                                                                                                                                                                                • Instruction ID: 6af9f0e50b3da18f21862ec822da0507d6a2d76bd4a85bbf3212b73b66a84339
                                                                                                                                                                                • Opcode Fuzzy Hash: 832ffafa89fc57beda716dce77b95418215a364c390a83f0d99b221e7f9869f1
                                                                                                                                                                                • Instruction Fuzzy Hash: 84F14F71E012199FDF14CFA8C8806ADBBB1FF89314F198269E915EB390D730AD45CBA4
                                                                                                                                                                                Function 00BEF9F0 Relevance: 3.3, APIs: 2, Instructions: 258windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • SendMessageW.USER32(?,0000102B,00000000,00000001), ref: 00BEFB1B
                                                                                                                                                                                • SendMessageW.USER32(?,0000102B,?,-00000002), ref: 00BEFD05
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3850602802-0
                                                                                                                                                                                • Opcode ID: 4f3999b36a4ba7b652253ca31f6f692859b36a5b29c32bd2d1b5edf28449b5a2
                                                                                                                                                                                • Instruction ID: d39980dcbd1d6162ed88b731da367422136fdcb1044cd2f9f528e0a29d02bb43
                                                                                                                                                                                • Opcode Fuzzy Hash: 4f3999b36a4ba7b652253ca31f6f692859b36a5b29c32bd2d1b5edf28449b5a2
                                                                                                                                                                                • Instruction Fuzzy Hash: 06B18F71A00286AFCB18DF25C995BB9FBF5FF59304F1482A9E859DB281D734A940CB90
                                                                                                                                                                                Function 00CDFDA0 Relevance: 3.1, APIs: 2, Instructions: 134windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • FormatMessageW.KERNEL32(00001300,00000000,00000000,00000400,?,00000000,00000000,3B919AFF,?,00000000), ref: 00CDFDEB
                                                                                                                                                                                • GetLastError.KERNEL32(?,00000000), ref: 00CDFDF5
                                                                                                                                                                                  • Part of subcall function 00BCA850: RtlAllocateHeap.NTDLL(?,00000000,?,3B919AFF,00000000,00DB7F70,000000FF,?,?,00E9F01C,?,00D219F5,8000000B), ref: 00BCA89A
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AllocateErrorFormatHeapLastMessage
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 4114510652-0
                                                                                                                                                                                • Opcode ID: 90dd178b3462774008581c6494c50677bdf57332616de5b46242f4d5ff5a7445
                                                                                                                                                                                • Instruction ID: f7918df16958d96103b6e88d581a84060c626f29f3c824feb5c2f6b1e643c9d7
                                                                                                                                                                                • Opcode Fuzzy Hash: 90dd178b3462774008581c6494c50677bdf57332616de5b46242f4d5ff5a7445
                                                                                                                                                                                • Instruction Fuzzy Hash: 6241E171A002189FEB14CFA9D805BAEF7F8FB44714F1442AEEA16E7781D7B55E008790
                                                                                                                                                                                Function 00CDC3D0 Relevance: 3.1, APIs: 2, Instructions: 126COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 1c315434fabe1ad474399a9ea953a79d6ccc621db09d1e7655fced0adc264e64
                                                                                                                                                                                • Instruction ID: a98e8b4a2d6ab2c8d77378d0eb95deb3748b97cbe62584037c145530b71b6ff5
                                                                                                                                                                                • Opcode Fuzzy Hash: 1c315434fabe1ad474399a9ea953a79d6ccc621db09d1e7655fced0adc264e64
                                                                                                                                                                                • Instruction Fuzzy Hash: 8341CF3190164A9FDB24DF69CD95BED73A4EF00320F14826EED25AB2D1EB74AE04DB50
                                                                                                                                                                                Function 00C340A0 Relevance: 3.1, APIs: 2, Instructions: 75COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetWindowLongW.USER32(00000000,000000FC), ref: 00C3410F
                                                                                                                                                                                • SetWindowLongW.USER32(00000000,000000FC,?), ref: 00C3411D
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: LongWindow
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1378638983-0
                                                                                                                                                                                • Opcode ID: 5dcbfef3709875e9f745495091517063c16cb6816ab318f98a8e283dabac17fe
                                                                                                                                                                                • Instruction ID: 263bba47a46ba52153eeded862a14a3b64473aa054eeffa79719c5a0c2edfff0
                                                                                                                                                                                • Opcode Fuzzy Hash: 5dcbfef3709875e9f745495091517063c16cb6816ab318f98a8e283dabac17fe
                                                                                                                                                                                • Instruction Fuzzy Hash: 40319E71A04605EFCB14DF69C944B9AFBB4FF09320F144369E464A76E0D731AE54CB90
                                                                                                                                                                                Function 00CDE270 Relevance: 3.1, APIs: 2, Instructions: 71fileCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • FindFirstFileW.KERNEL32(00000000,?,3B919AFF,?,00000000,00000000,00000000,00DF82FD,000000FF), ref: 00CDE2D8
                                                                                                                                                                                • FindClose.KERNEL32(00000000,?,3B919AFF,?,00000000,00000000,00000000,00DF82FD,000000FF), ref: 00CDE322
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Find$CloseFileFirst
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2295610775-0
                                                                                                                                                                                • Opcode ID: 8e2756d75511965618b5373017ae093bf245023850a1f847be780967ecc179b6
                                                                                                                                                                                • Instruction ID: abe9fef16328efda0a9d0e4ce21251ee9653da176bdf4e26e94031b82d08c3a6
                                                                                                                                                                                • Opcode Fuzzy Hash: 8e2756d75511965618b5373017ae093bf245023850a1f847be780967ecc179b6
                                                                                                                                                                                • Instruction Fuzzy Hash: 092183719006499FD710DF58CD49BAEB7B4FF84724F10426AF925A72D0DB745A08CB94
                                                                                                                                                                                Function 00BFDA20 Relevance: 3.0, APIs: 2, Instructions: 10COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • __set_se_translator.LIBVCRUNTIME ref: 00BFDA25
                                                                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(Function_0011B960), ref: 00BFDA3B
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ExceptionFilterUnhandled__set_se_translator
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2480343447-0
                                                                                                                                                                                • Opcode ID: e9ef732c9abca49a8e28b3765529e4006723e96ee43d5c699efac5ae7e5dd052
                                                                                                                                                                                • Instruction ID: bc1639c506537ef5d09f57a9b6c9cfb5217055e841e1a9df21ba8eb89cd46a72
                                                                                                                                                                                • Opcode Fuzzy Hash: e9ef732c9abca49a8e28b3765529e4006723e96ee43d5c699efac5ae7e5dd052
                                                                                                                                                                                • Instruction Fuzzy Hash: B5D01260A4838DEFD7119765E9567747ED0D767704F09449EE642223A2DBB12CCC9323
                                                                                                                                                                                Function 00C37500 Relevance: 2.0, Strings: 1, Instructions: 729COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ExceptionRaise__floor_pentium4
                                                                                                                                                                                • String ID: unordered_map/set too long
                                                                                                                                                                                • API String ID: 996205981-306623848
                                                                                                                                                                                • Opcode ID: e0c049ef8183c11b31e23820440fecaf535c112758f23955510e1d82117e07af
                                                                                                                                                                                • Instruction ID: 12e99c5031b15a90eca2cf51d440ce6d4db12b41a85a3299d22d8379ce10c703
                                                                                                                                                                                • Opcode Fuzzy Hash: e0c049ef8183c11b31e23820440fecaf535c112758f23955510e1d82117e07af
                                                                                                                                                                                • Instruction Fuzzy Hash: 8B42C5B1A146099FCB14DF69C981AADF7F5FF48310F14836AE815EB391D770AA11CBA0
                                                                                                                                                                                Function 00DAAEF1 Relevance: 1.8, APIs: 1, Instructions: 274COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00DAAEEC,?,?,00000008,?,?,00DB60D7,00000000), ref: 00DAB11E
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ExceptionRaise
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3997070919-0
                                                                                                                                                                                • Opcode ID: 95d73ec30bd82b6e98429f635474f8801e9211a0306b53cc3c460e48a43f6cdb
                                                                                                                                                                                • Instruction ID: 55345b8615f8b2b83fab2452ba8543ce1db19a50430f960569fcb2a9254716a4
                                                                                                                                                                                • Opcode Fuzzy Hash: 95d73ec30bd82b6e98429f635474f8801e9211a0306b53cc3c460e48a43f6cdb
                                                                                                                                                                                • Instruction Fuzzy Hash: 63B15E31610608DFD719CF18C496B657BA0FF06364F298659E8E9CF2A2C335E992CB50
                                                                                                                                                                                Function 00BD5BE0 Relevance: 1.6, APIs: 1, Instructions: 140COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetSysColor.USER32(00000008), ref: 00BD5D83
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Color
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2811717613-0
                                                                                                                                                                                • Opcode ID: a85f6bf4a656e8e95b2bcd9d4d5722aebb1bca54ae9a9d9420e4f8126772ab2c
                                                                                                                                                                                • Instruction ID: 14cba76602457a789a2cc81a71ab829f144bf8f866ec0a838eed0197f700cde1
                                                                                                                                                                                • Opcode Fuzzy Hash: a85f6bf4a656e8e95b2bcd9d4d5722aebb1bca54ae9a9d9420e4f8126772ab2c
                                                                                                                                                                                • Instruction Fuzzy Hash: CC7118B1801B48CFE720CF78C94478ABBF0BB05324F144A5DD4A99B3D0D3B96608CB91
                                                                                                                                                                                Function 00BE8270 Relevance: 1.5, APIs: 1, Instructions: 25nativeCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • NtdllDefWindowProc_W.NTDLL(?,-00002000,?,?,00BE69C7,?,?,?,?,?,?,?,?,00BE6838,?,?), ref: 00BE82C0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: NtdllProc_Window
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 4255912815-0
                                                                                                                                                                                • Opcode ID: a3cb0cb0c8a8f08c53c5823c967a7eae509ea4e5e40db861d62d152763f38af3
                                                                                                                                                                                • Instruction ID: 29d2dc5f9ed2893acde908bd0d3d92e8e833e1f50edf5b25f408b009e08d7f27
                                                                                                                                                                                • Opcode Fuzzy Hash: a3cb0cb0c8a8f08c53c5823c967a7eae509ea4e5e40db861d62d152763f38af3
                                                                                                                                                                                • Instruction Fuzzy Hash: 35F0E2300088C5CED3018B54C848A6ABBE6FB44301F4845E5E64CCA0A0CB35DD48CF14
                                                                                                                                                                                Function 00DACE19 Relevance: .6, Instructions: 637COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 49473d78f793709f103f0757a2ab57a45797a9c3c3fd24e85ce5392c380e0a20
                                                                                                                                                                                • Instruction ID: fbec9283ecff09acae5285871257e5f2e1900c03146d52ae9833ab34576d3c43
                                                                                                                                                                                • Opcode Fuzzy Hash: 49473d78f793709f103f0757a2ab57a45797a9c3c3fd24e85ce5392c380e0a20
                                                                                                                                                                                • Instruction Fuzzy Hash: DF320632D29F514DD7239A35CC22335A29AAFB73D4F15D727F81AB5EA9EB28C4834110
                                                                                                                                                                                Function 00D98A2C Relevance: .4, Instructions: 388COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 8ff264c047396432cfa65ce98ee5d8a1eb889fd97d568848f41988369c2f951c
                                                                                                                                                                                • Instruction ID: f8c6d38e244d40e5995a494adaab2c473e6d82fc385d10cf00465d7e6918cbcf
                                                                                                                                                                                • Opcode Fuzzy Hash: 8ff264c047396432cfa65ce98ee5d8a1eb889fd97d568848f41988369c2f951c
                                                                                                                                                                                • Instruction Fuzzy Hash: 53E1CF706006058FCF24CF68C490AAEB7F1FF46B14B284A5ED5969B291DB31ED42EB71
                                                                                                                                                                                Function 00C7EF50 Relevance: .1, Instructions: 86COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 9b7fb344dfc285393af3e51604880aafd526aa666914f4f240def45c75bf507a
                                                                                                                                                                                • Instruction ID: a6aa859a3464c8b8e4bf8b7d9d82ee366360e548ad08978de2dc6528dfb3e891
                                                                                                                                                                                • Opcode Fuzzy Hash: 9b7fb344dfc285393af3e51604880aafd526aa666914f4f240def45c75bf507a
                                                                                                                                                                                • Instruction Fuzzy Hash: 0F4106B0905B85EED704CF69C50878AFBF0BB09318F20825DD4589B781D3BAA658CFD4
                                                                                                                                                                                Function 00BDEE70 Relevance: .1, Instructions: 69COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: f27206987275efc330dffbdd2e22a4657b4682717403ca3b146e199ceb0df0cb
                                                                                                                                                                                • Instruction ID: d470b12598aa094a8d08e9dc65f56810dd8c308e11e4ce8da0c139dfa6ebbdcc
                                                                                                                                                                                • Opcode Fuzzy Hash: f27206987275efc330dffbdd2e22a4657b4682717403ca3b146e199ceb0df0cb
                                                                                                                                                                                • Instruction Fuzzy Hash: D131D0B1405B84CEE321CF29C658747BFF0BB05718F108A4DD4E65BB91D3BAA508CB91
                                                                                                                                                                                Function 00BD8280 Relevance: .1, Instructions: 54COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: f512e8b524a053026cd1d687ad3c01e14745b6db35006e29651c593eac6882a6
                                                                                                                                                                                • Instruction ID: c853e9b5d5ef5b0efa9dc381818982dd215fc09acdb90ed0bb47334d764c74ec
                                                                                                                                                                                • Opcode Fuzzy Hash: f512e8b524a053026cd1d687ad3c01e14745b6db35006e29651c593eac6882a6
                                                                                                                                                                                • Instruction Fuzzy Hash: 4B2149B1804788CFD710CF69C94478ABBF4FB49314F11869ED455AB791E3B5AA48CB90
                                                                                                                                                                                Function 00BD8840 Relevance: .1, Instructions: 54COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 78c1be814fa362284a72ff764db8fc33cb121d5a3a3af328c8a51afba5496125
                                                                                                                                                                                • Instruction ID: f2c5075f8e8aadd9a624cc1cb51d0807e35ee0f37d5f2b5b0ddc2c1e79c122f3
                                                                                                                                                                                • Opcode Fuzzy Hash: 78c1be814fa362284a72ff764db8fc33cb121d5a3a3af328c8a51afba5496125
                                                                                                                                                                                • Instruction Fuzzy Hash: 542138B1804788CFD710CF69C94478ABBF4FB09314F11869ED455AB791E3B5AA08CB90
                                                                                                                                                                                Function 00BF5D40 Relevance: .0, Instructions: 37COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 3d8561f76a339c736a0bb0cf4a4551c74c3ec95486142ee4c2a165011d97159e
                                                                                                                                                                                • Instruction ID: 35680f8ad16dce4163d102ab0f674ef1fee1b3e2fc2c71dc701b9e12447c6626
                                                                                                                                                                                • Opcode Fuzzy Hash: 3d8561f76a339c736a0bb0cf4a4551c74c3ec95486142ee4c2a165011d97159e
                                                                                                                                                                                • Instruction Fuzzy Hash: 2E1100B1905208DFC740CF58D944749BBF4FB09728F20829EE8189B381D3769A0ACF84
                                                                                                                                                                                Function 00DAA0DB Relevance: .0, Instructions: 29COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: ebd470afad3a28cb13ea82b49b4e588f0e24f4c54ec6832f6f37c057be4b13dc
                                                                                                                                                                                • Instruction ID: 2cecf3b00b3faba09a4443759d85060faf16214b0ec55b86f98b7e00adf15096
                                                                                                                                                                                • Opcode Fuzzy Hash: ebd470afad3a28cb13ea82b49b4e588f0e24f4c54ec6832f6f37c057be4b13dc
                                                                                                                                                                                • Instruction Fuzzy Hash: 36F03031611324AFCB16CB4CD956A59B3A8EB4AB61F51415AF501EB291C774ED00C7E1
                                                                                                                                                                                Function 00DAA11F Relevance: .0, Instructions: 22COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 52a31a1b2c87d20f6f1ccd6e3f5e56cdbfee1b29986efbea090f4dac1cf3a30c
                                                                                                                                                                                • Instruction ID: 18abfb510df2e264a8e149f63b7e4c889f8c4ea6a17ed25d78c194e2dac16c32
                                                                                                                                                                                • Opcode Fuzzy Hash: 52a31a1b2c87d20f6f1ccd6e3f5e56cdbfee1b29986efbea090f4dac1cf3a30c
                                                                                                                                                                                • Instruction Fuzzy Hash: ABE08C72911228EBCB14DB9CC95498AF3ECEB46B00F150596F501D3200C270DE00C7F0
                                                                                                                                                                                Function 00D9B5D7 Relevance: .0, Instructions: 12COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 16a962eb7063aa5dac9a286c1eb4be0eb6ad47394398426903ba7e2235a18e8e
                                                                                                                                                                                • Instruction ID: 6ab3ff7b61c9876a50778bb4a642550e624e3bd4a65895eb1f63bed17ab981ba
                                                                                                                                                                                • Opcode Fuzzy Hash: 16a962eb7063aa5dac9a286c1eb4be0eb6ad47394398426903ba7e2235a18e8e
                                                                                                                                                                                • Instruction Fuzzy Hash: E7C08C34200A804BCF298918D3B23A67354F392792F8A048EC9020BA83EB1EDC82D631
                                                                                                                                                                                Function 00BD7BC0 Relevance: 35.5, APIs: 19, Strings: 1, Instructions: 460stringCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • RedrawWindow.USER32(?,00000000,00000000,00000507,3B919AFF), ref: 00BD7C4E
                                                                                                                                                                                • IsWindow.USER32(?), ref: 00BD7C60
                                                                                                                                                                                • GetParent.USER32(?), ref: 00BD7CA1
                                                                                                                                                                                • GetClassNameW.USER32(00000000,?,00000008), ref: 00BD7CAE
                                                                                                                                                                                • lstrcmpW.KERNEL32(?,#32770), ref: 00BD7CC1
                                                                                                                                                                                • GetSysColor.USER32(00000005), ref: 00BD7CD6
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Window$ClassColorNameParentRedrawlstrcmp
                                                                                                                                                                                • String ID: #32770
                                                                                                                                                                                • API String ID: 4237080057-463685578
                                                                                                                                                                                • Opcode ID: 2f3e9b5bf5463e0e971a0407b82c94e9a0faaf46581a989fceb19dc7f83480a4
                                                                                                                                                                                • Instruction ID: 03f938193e83435861ad74a648ac855940c95c13ed9492195f2d92575a8a8603
                                                                                                                                                                                • Opcode Fuzzy Hash: 2f3e9b5bf5463e0e971a0407b82c94e9a0faaf46581a989fceb19dc7f83480a4
                                                                                                                                                                                • Instruction Fuzzy Hash: E9028D71A04208EFDB14CFA4C948BEEBBF5EF49314F14819AF405AB390EB75A944CB60
                                                                                                                                                                                Function 00CE61C0 Relevance: 28.4, APIs: 9, Strings: 7, Instructions: 414libraryloaderthreadCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • InitializeCriticalSection.KERNEL32(00EAC5D0,3B919AFF,00000000), ref: 00CE6363
                                                                                                                                                                                • EnterCriticalSection.KERNEL32(00EAC5D0,3B919AFF,?), ref: 00CE6378
                                                                                                                                                                                • GetCurrentProcess.KERNEL32 ref: 00CE6385
                                                                                                                                                                                • GetCurrentThread.KERNEL32 ref: 00CE6393
                                                                                                                                                                                • LoadLibraryA.KERNEL32(Dbghelp.dll,SymFromAddr,00000000), ref: 00CE642D
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 00CE6434
                                                                                                                                                                                • __Init_thread_footer.LIBCMT ref: 00CE6448
                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000,*** Stack Trace (x86) ***,0000001F,?,?,?,00000000), ref: 00CE667E
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(00EAC5D0,?,00000000), ref: 00CE67BC
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalSection$Current$AddressEnterHandleInit_thread_footerInitializeLeaveLibraryLoadModuleProcProcessThread
                                                                                                                                                                                • String ID: *** Stack Trace (x86) ***$ v$<--------------------MORE--FRAMES-------------------->$Dbghelp.dll$MODULE_BASE_ADDRESS$SymFromAddr$[0x%.8Ix]
                                                                                                                                                                                • API String ID: 1326996155-981128330
                                                                                                                                                                                • Opcode ID: 4e8a82a56d22376069c0ac15200ce0cac3f9b9e82d07088c92f9f8200878cd62
                                                                                                                                                                                • Instruction ID: c75263568c8b2bb6a923a3dcb292ba068ba5cf6d63daff6dea895ee1f7efef30
                                                                                                                                                                                • Opcode Fuzzy Hash: 4e8a82a56d22376069c0ac15200ce0cac3f9b9e82d07088c92f9f8200878cd62
                                                                                                                                                                                • Instruction Fuzzy Hash: 98F131719102989FDB24DF24CC88BAEBBB4EF55300F1042E9E519A7291DB746F88CF60
                                                                                                                                                                                Function 00CE62F0 Relevance: 28.3, APIs: 9, Strings: 7, Instructions: 296libraryloaderthreadCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • InitializeCriticalSection.KERNEL32(00EAC5D0,3B919AFF,00000000), ref: 00CE6363
                                                                                                                                                                                • EnterCriticalSection.KERNEL32(00EAC5D0,3B919AFF,?), ref: 00CE6378
                                                                                                                                                                                • GetCurrentProcess.KERNEL32 ref: 00CE6385
                                                                                                                                                                                • GetCurrentThread.KERNEL32 ref: 00CE6393
                                                                                                                                                                                • LoadLibraryA.KERNEL32(Dbghelp.dll,SymFromAddr,00000000), ref: 00CE642D
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 00CE6434
                                                                                                                                                                                • __Init_thread_footer.LIBCMT ref: 00CE6448
                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000,*** Stack Trace (x86) ***,0000001F,?,?,?,00000000), ref: 00CE667E
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(00EAC5D0,?,00000000), ref: 00CE67BC
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalSection$Current$AddressEnterHandleInit_thread_footerInitializeLeaveLibraryLoadModuleProcProcessThread
                                                                                                                                                                                • String ID: *** Stack Trace (x86) ***$ v$<--------------------MORE--FRAMES-------------------->$Dbghelp.dll$MODULE_BASE_ADDRESS$SymFromAddr$[0x%.8Ix]
                                                                                                                                                                                • API String ID: 1326996155-981128330
                                                                                                                                                                                • Opcode ID: 5fd5eb3730c7567b0d4676d92880037565d56884efd60eaa6e626da5e8e26c91
                                                                                                                                                                                • Instruction ID: 63546c90f2228d1cf889f5ba5791d0a90a67bbb50245235359bbea78cba85864
                                                                                                                                                                                • Opcode Fuzzy Hash: 5fd5eb3730c7567b0d4676d92880037565d56884efd60eaa6e626da5e8e26c91
                                                                                                                                                                                • Instruction Fuzzy Hash: 9FD1DD719106989FDB20DF24CC89BEEBBB4AF59305F1041DAE509B7291DB746B88CF60
                                                                                                                                                                                Function 00CE8910 Relevance: 26.5, APIs: 13, Strings: 2, Instructions: 240COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetDlgItem.USER32(?,000001F6), ref: 00CE895E
                                                                                                                                                                                • GetDlgItem.USER32(?,000001F8), ref: 00CE896B
                                                                                                                                                                                • GetDlgItem.USER32(?,000001F7), ref: 00CE89AD
                                                                                                                                                                                • SetWindowTextW.USER32(00000000,?), ref: 00CE89BC
                                                                                                                                                                                • ShowWindow.USER32(?,00000005), ref: 00CE8A22
                                                                                                                                                                                • GetDlgItem.USER32(?,000001F7), ref: 00CE8A44
                                                                                                                                                                                • SetWindowTextW.USER32(00000000,?), ref: 00CE8A53
                                                                                                                                                                                • ShowWindow.USER32(?,00000000), ref: 00CE8AB8
                                                                                                                                                                                • ShowWindow.USER32(?,00000000), ref: 00CE8ABF
                                                                                                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,?,?,00000616), ref: 00CE8B08
                                                                                                                                                                                • GetDlgItem.USER32(?,00000000), ref: 00CE8B3A
                                                                                                                                                                                • IsWindow.USER32(00000000), ref: 00CE8B44
                                                                                                                                                                                • SetWindowPos.USER32(00000000,00000000,?,?,?,?,00000014,?,00000000,?,?,00000616), ref: 00CE8B91
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Window$Item$Show$Text
                                                                                                                                                                                • String ID: Details <<$Details >>
                                                                                                                                                                                • API String ID: 2476474966-3763984547
                                                                                                                                                                                • Opcode ID: 44e3abcd1b0d33e86cefb14b6a30d9ea3bcc2d44f6927501633291b716d915a7
                                                                                                                                                                                • Instruction ID: ce01705e20676e3964c5ec4ffc5a6c6fe14d3bdb79428ee1be77afff69b95e53
                                                                                                                                                                                • Opcode Fuzzy Hash: 44e3abcd1b0d33e86cefb14b6a30d9ea3bcc2d44f6927501633291b716d915a7
                                                                                                                                                                                • Instruction Fuzzy Hash: 199190B1D00209AFDF14DF69DC85BAEBBB5EF09310F244219F515B7690DB30A995CBA0
                                                                                                                                                                                Function 00BF6970 Relevance: 25.7, APIs: 17, Instructions: 178windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • BeginPaint.USER32(?,?,3B919AFF,?), ref: 00BF69C0
                                                                                                                                                                                • SendMessageW.USER32(?,00000318,00000000,00000004), ref: 00BF69D7
                                                                                                                                                                                • CreateRectRgn.GDI32(00000000,00000000,00000000,00000000), ref: 00BF69E5
                                                                                                                                                                                • SendMessageW.USER32(?,00001304,00000000,00000000), ref: 00BF69FF
                                                                                                                                                                                • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00BF6A17
                                                                                                                                                                                • SendMessageW.USER32(?,0000130A,00000000,?), ref: 00BF6A48
                                                                                                                                                                                • CreateRectRgn.GDI32(?,?,?,?), ref: 00BF6A82
                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 00BF6A99
                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 00BF6AB5
                                                                                                                                                                                • CreateRectRgn.GDI32(00000000,00000000,?,?), ref: 00BF6AE0
                                                                                                                                                                                • CreateRectRgn.GDI32(?,?,?,?), ref: 00BF6AFD
                                                                                                                                                                                • SelectClipRgn.GDI32(00000000,00000000), ref: 00BF6B14
                                                                                                                                                                                • GetParent.USER32(?), ref: 00BF6B24
                                                                                                                                                                                • SendMessageW.USER32(00000000,00000136,?,?), ref: 00BF6B35
                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 00BF6B4B
                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 00BF6B50
                                                                                                                                                                                • EndPaint.USER32(?,?), ref: 00BF6B5F
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessageRectSend$Create$DeleteObject$Paint$BeginClientClipParentSelect
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3183909887-0
                                                                                                                                                                                • Opcode ID: d3f645f9c1ed6ce9410fd4a47445ef288b9c8b409360ccd6bb5236a3f3f38644
                                                                                                                                                                                • Instruction ID: ca579e212e92a80a6450881985df6bba40f20717c4ce52fbb9407ff586f1a0bc
                                                                                                                                                                                • Opcode Fuzzy Hash: d3f645f9c1ed6ce9410fd4a47445ef288b9c8b409360ccd6bb5236a3f3f38644
                                                                                                                                                                                • Instruction Fuzzy Hash: 7C611472A04218AFDB11DBE5CC49FAEBBB9FF49700F100159FA15BB2A0D7746945CB60
                                                                                                                                                                                Function 00CE8600 Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 132windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00CDFF30: LoadLibraryW.KERNEL32(ComCtl32.dll,3B919AFF,?,00000000,00000000), ref: 00CDFF6E
                                                                                                                                                                                  • Part of subcall function 00CDFF30: GetProcAddress.KERNEL32(00000000,LoadIconMetric), ref: 00CDFF91
                                                                                                                                                                                  • Part of subcall function 00CDFF30: FreeLibrary.KERNEL32(00000000), ref: 00CE000F
                                                                                                                                                                                • GetDlgItem.USER32(?,000001F4), ref: 00CE8641
                                                                                                                                                                                • SendMessageW.USER32(00000000,00000170,00000000,00000000), ref: 00CE8652
                                                                                                                                                                                • GetDC.USER32(00000000), ref: 00CE865A
                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000), ref: 00CE8661
                                                                                                                                                                                • MulDiv.KERNEL32(00000009,00000000), ref: 00CE866A
                                                                                                                                                                                • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,Courier New), ref: 00CE8693
                                                                                                                                                                                • GetDlgItem.USER32(?,000001F6), ref: 00CE86A4
                                                                                                                                                                                • IsWindow.USER32(00000000), ref: 00CE86AD
                                                                                                                                                                                • SendMessageW.USER32(00000000,00000030,?,00000000), ref: 00CE86C4
                                                                                                                                                                                • GetDlgItem.USER32(?,000001F8), ref: 00CE86CE
                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00CE86DF
                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00CE86F2
                                                                                                                                                                                • GetWindowRect.USER32(00000000,?), ref: 00CE8702
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Window$ItemRect$LibraryMessageSend$AddressCapsCreateDeviceFontFreeLoadProc
                                                                                                                                                                                • String ID: Courier New
                                                                                                                                                                                • API String ID: 1731048342-2572734833
                                                                                                                                                                                • Opcode ID: c43f081ccb0395e0408595d3ff66f87ba912937994023a57d92e297aab2747c8
                                                                                                                                                                                • Instruction ID: 0b60b8d973c1b159f4548e2cc9527d39b7c046aea106ba3969b4bb387d75e01c
                                                                                                                                                                                • Opcode Fuzzy Hash: c43f081ccb0395e0408595d3ff66f87ba912937994023a57d92e297aab2747c8
                                                                                                                                                                                • Instruction Fuzzy Hash: BA41D771B84308BFEB14AF269C46FAE7699EF49B04F01061DFB097A1D1DAB0B8448B54
                                                                                                                                                                                Function 00BF5200 Relevance: 23.0, APIs: 11, Strings: 2, Instructions: 229windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • CreateWindowExW.USER32(00000000,tooltips_class32,00000000,80000063,80000000,80000000,80000000,80000000,?,00000000,00000000,3B919AFF), ref: 00BF5288
                                                                                                                                                                                  • Part of subcall function 00BD72B0: SetWindowLongW.USER32(?,000000FC,00000000), ref: 00BD72E6
                                                                                                                                                                                • SendMessageW.USER32(00000000,00000432,00000000,0000002C), ref: 00BF538B
                                                                                                                                                                                • SendMessageW.USER32(00000000,00000439,00000000,0000002C), ref: 00BF539F
                                                                                                                                                                                • SendMessageW.USER32(00000000,00000421,00000003,?), ref: 00BF53B4
                                                                                                                                                                                • SendMessageW.USER32(00000000,00000418,00000000,0000012C), ref: 00BF53C9
                                                                                                                                                                                • GetWindowTextLengthW.USER32(?), ref: 00BF53D0
                                                                                                                                                                                • SendMessageW.USER32(?,000000D6,-00000001,00000000), ref: 00BF53E0
                                                                                                                                                                                • ClientToScreen.USER32(?,?), ref: 00BF5400
                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00BF5412
                                                                                                                                                                                • SendMessageW.USER32(00000000,00000412,00000000), ref: 00BF5474
                                                                                                                                                                                • SendMessageW.USER32(00000000,00000411,00000001,0000002C), ref: 00BF5484
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessageSend$Window$ClientCreateLengthLongRectScreenText
                                                                                                                                                                                • String ID: ,$tooltips_class32
                                                                                                                                                                                • API String ID: 1006066172-3856767331
                                                                                                                                                                                • Opcode ID: ce18163cb4e8a1e2be46168bf499c3d06ced1765d200b8f8b412f2ef412e4307
                                                                                                                                                                                • Instruction ID: f319c517da550aae42af9c7c5489f063e0fda73630766dc8168b6474cb9721c8
                                                                                                                                                                                • Opcode Fuzzy Hash: ce18163cb4e8a1e2be46168bf499c3d06ced1765d200b8f8b412f2ef412e4307
                                                                                                                                                                                • Instruction Fuzzy Hash: 99913371A00208AFDB14DFA5CC95FAEBBF9FB09700F10452AF656EB290D774A908CB50
                                                                                                                                                                                Function 00BFB200 Relevance: 21.4, APIs: 4, Strings: 8, Instructions: 358libraryloaderCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadLibraryExW.KERNEL32(?,00000000,00000000,?,?,00000043), ref: 00BFB328
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,InitializeEmbeddedUI), ref: 00BFB341
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000043,ShutdownEmbeddedUI), ref: 00BFB34D
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000043,EmbeddedUIHandler), ref: 00BFB35A
                                                                                                                                                                                  • Part of subcall function 00BCA850: RtlAllocateHeap.NTDLL(?,00000000,?,3B919AFF,00000000,00DB7F70,000000FF,?,?,00E9F01C,?,00D219F5,8000000B), ref: 00BCA89A
                                                                                                                                                                                  • Part of subcall function 00BCAB90: GetProcessHeap.KERNEL32 ref: 00BCABE5
                                                                                                                                                                                  • Part of subcall function 00BCAB90: __Init_thread_footer.LIBCMT ref: 00BCAC17
                                                                                                                                                                                  • Part of subcall function 00BCAB90: __Init_thread_footer.LIBCMT ref: 00BCACA2
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AddressProc$HeapInit_thread_footer$AllocateLibraryLoadProcess
                                                                                                                                                                                • String ID: build $20.2.1$EmbeddedUIHandler$INAN$InitializeEmbeddedUI$SELECT `Data` FROM `Binary` WHERE `Name` = 'InstallerAnalytics.dll'$ShutdownEmbeddedUI$b066527d
                                                                                                                                                                                • API String ID: 2564778481-3828485712
                                                                                                                                                                                • Opcode ID: 3ef154c7399360e20379f6d08c89564042cd1e19e3ffeaeb7be1c4995953f7a4
                                                                                                                                                                                • Instruction ID: 883ae3b91b76c57a0c1d3a2757b2c9f3d79bc96073bee915687dfe40623c2c34
                                                                                                                                                                                • Opcode Fuzzy Hash: 3ef154c7399360e20379f6d08c89564042cd1e19e3ffeaeb7be1c4995953f7a4
                                                                                                                                                                                • Instruction Fuzzy Hash: F2D19F719002099FDB04DFA8CD45FAEBBF5FF48314F14466DE915A7291EB74AA08CBA0
                                                                                                                                                                                Function 00BCE620 Relevance: 21.2, APIs: 7, Strings: 5, Instructions: 233libraryloaderCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadLibraryW.KERNEL32(combase.dll,RoGetActivationFactory), ref: 00BCE62E
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,combase.dll), ref: 00BCE634
                                                                                                                                                                                • LoadLibraryW.KERNEL32(combase.dll,CoIncrementMTAUsage,?,?), ref: 00BCE667
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,combase.dll), ref: 00BCE66D
                                                                                                                                                                                • LoadLibraryW.KERNEL32(?,.dll,00000004,-00000001,00000000,Function_0026329C,00000000,00000000,00000000), ref: 00BCE78D
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,DllGetActivationFactory), ref: 00BCE7D6
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AddressLibraryLoadProc
                                                                                                                                                                                • String ID: .dll$CoIncrementMTAUsage$DllGetActivationFactory$RoGetActivationFactory$combase.dll
                                                                                                                                                                                • API String ID: 2574300362-2454113998
                                                                                                                                                                                • Opcode ID: 32dac7006015c12fc204cc6b89bf72abb77f8e9072cd11e5cd6dcc8831e0a6f5
                                                                                                                                                                                • Instruction ID: 538a1c9758d90f995df0efec1568d268ac3141ec09b86fea0713bc28ad812d03
                                                                                                                                                                                • Opcode Fuzzy Hash: 32dac7006015c12fc204cc6b89bf72abb77f8e9072cd11e5cd6dcc8831e0a6f5
                                                                                                                                                                                • Instruction Fuzzy Hash: 3E916871E10209DFDB14EFA8D895FADBBF1EF58700F2481ADE421A7290DB749A44CB60
                                                                                                                                                                                Function 00BD5E70 Relevance: 21.1, APIs: 14, Instructions: 139windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • BeginPaint.USER32(?,?), ref: 00BD5E96
                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 00BD5EAE
                                                                                                                                                                                • FillRect.USER32(00000000,?,00000000), ref: 00BD5ECD
                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 00BD5ED4
                                                                                                                                                                                • EndPaint.USER32(?,?), ref: 00BD5EE2
                                                                                                                                                                                • BeginPaint.USER32(?,?), ref: 00BD5F17
                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 00BD5F2F
                                                                                                                                                                                • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00BD5F48
                                                                                                                                                                                • CreateCompatibleDC.GDI32(00000000), ref: 00BD5F55
                                                                                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 00BD5F67
                                                                                                                                                                                • FillRect.USER32(00000000,?,00000000), ref: 00BD5F90
                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 00BD5F9A
                                                                                                                                                                                • SelectObject.GDI32(00000000,?), ref: 00BD5FE2
                                                                                                                                                                                • DeleteDC.GDI32(00000000), ref: 00BD5FE9
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ObjectRect$DeletePaint$BeginClientCompatibleCreateFillSelect$Bitmap
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 939394624-0
                                                                                                                                                                                • Opcode ID: 20bd0759fca4e2cd0ccfd90184f1874a4ccda20ca932c5819ce6dae36f91cc5e
                                                                                                                                                                                • Instruction ID: 95513d2bd3b99f99b290958ae33d6504b0840193ca1ce6ff9edb4944881e86cf
                                                                                                                                                                                • Opcode Fuzzy Hash: 20bd0759fca4e2cd0ccfd90184f1874a4ccda20ca932c5819ce6dae36f91cc5e
                                                                                                                                                                                • Instruction Fuzzy Hash: 28418E72108705AFD321DF65DC48F6BBBE8EB8D701F000929F696D62A0DB71E808CB21
                                                                                                                                                                                Function 00BF3E00 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 124windowstringCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetObjectW.GDI32(00000000,0000005C,?), ref: 00BF3E44
                                                                                                                                                                                • SendMessageW.USER32(?,0000043A,00000000,00000074), ref: 00BF3E75
                                                                                                                                                                                • lstrcpynW.KERNEL32(?,?,00000020), ref: 00BF3EEB
                                                                                                                                                                                • GetDC.USER32(?), ref: 00BF3F0E
                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000), ref: 00BF3F15
                                                                                                                                                                                • MulDiv.KERNEL32(?,00000048,00000000), ref: 00BF3F28
                                                                                                                                                                                • SendMessageW.USER32(?,00000444,00000000,00000074), ref: 00BF3F5A
                                                                                                                                                                                • GetObjectW.GDI32(00000000,0000005C,?), ref: 00BF3F80
                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 00BF3F96
                                                                                                                                                                                • CreateFontIndirectW.GDI32(?), ref: 00BF3FB2
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Object$MessageSend$CapsCreateDeleteDeviceFontIndirectlstrcpyn
                                                                                                                                                                                • String ID: ?$t
                                                                                                                                                                                • API String ID: 498247171-1995845436
                                                                                                                                                                                • Opcode ID: 87798022104f525be0a8d8e9a16e56a0a9d4e09e6431d6a9eb919d6c5503577b
                                                                                                                                                                                • Instruction ID: efe7344cf38578dee061cb2c3efaf0e9b35ba6bb25a85293bc19245f63d4dc3d
                                                                                                                                                                                • Opcode Fuzzy Hash: 87798022104f525be0a8d8e9a16e56a0a9d4e09e6431d6a9eb919d6c5503577b
                                                                                                                                                                                • Instruction Fuzzy Hash: C85161B1908340AFE721DF61DC49B9BBBE8EF89701F00491DF299D61A1D774E508CB62
                                                                                                                                                                                Function 00BE01F0 Relevance: 18.3, APIs: 12, Instructions: 337windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00BE0244
                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00BE0323
                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 00BE0335
                                                                                                                                                                                • GetWindowDC.USER32(?), ref: 00BE0347
                                                                                                                                                                                • CreateCompatibleDC.GDI32(00000000), ref: 00BE0374
                                                                                                                                                                                • CreateCompatibleBitmap.GDI32(00000000), ref: 00BE03B6
                                                                                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 00BE03C5
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: RectWindow$CompatibleCreate$BitmapClientObjectSelect
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2032541772-0
                                                                                                                                                                                • Opcode ID: 2ed7ccda18052a5d4fdf0e3f88709cb5d1e0d8cb83dd679c63e2f7d7cf821d18
                                                                                                                                                                                • Instruction ID: ea77dba5c3013f0dacd1ce0cc6b2ddd2166f0136c0860e23e9215fe4c46cd488
                                                                                                                                                                                • Opcode Fuzzy Hash: 2ed7ccda18052a5d4fdf0e3f88709cb5d1e0d8cb83dd679c63e2f7d7cf821d18
                                                                                                                                                                                • Instruction Fuzzy Hash: 79E14771D04658DFDB20DFA9CD48B9EBBF8EF59700F204299E849B7251E7706A84CB60
                                                                                                                                                                                Function 00D11450 Relevance: 16.1, APIs: 4, Strings: 5, Instructions: 319synchronizationfileCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00BCAB90: GetProcessHeap.KERNEL32 ref: 00BCABE5
                                                                                                                                                                                  • Part of subcall function 00BCAB90: __Init_thread_footer.LIBCMT ref: 00BCAC17
                                                                                                                                                                                  • Part of subcall function 00BCAB90: __Init_thread_footer.LIBCMT ref: 00BCACA2
                                                                                                                                                                                • DeleteFileW.KERNEL32(?,?,?,?,00000000,?,?,?,?), ref: 00D1175A
                                                                                                                                                                                  • Part of subcall function 00BCA140: FindResourceW.KERNEL32(00000000,?,00000006,00000000,00000000,00000000,00BCA2B8,-00000010,?,00000000), ref: 00BCA163
                                                                                                                                                                                  • Part of subcall function 00BCA850: RtlAllocateHeap.NTDLL(?,00000000,?,3B919AFF,00000000,00DB7F70,000000FF,?,?,00E9F01C,?,00D219F5,8000000B), ref: 00BCA89A
                                                                                                                                                                                • ResetEvent.KERNEL32(00000000,3B919AFF,?,?,00000000,00E022FD,000000FF,?,80004005), ref: 00D117EF
                                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF,?,?,00000000,00E022FD,000000FF,?,80004005), ref: 00D1180F
                                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,00000000,00E022FD,000000FF,?,80004005), ref: 00D1181A
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: HeapInit_thread_footerObjectSingleWait$AllocateDeleteEventFileFindProcessResetResource
                                                                                                                                                                                • String ID: TEST$http://www.example.com$http://www.google.com$http://www.yahoo.com$tin9999.tmp
                                                                                                                                                                                • API String ID: 3248508590-625802988
                                                                                                                                                                                • Opcode ID: 1d2c8fbd76cc0c3d7f0b7475d838795a9ef7aecf1b65c987aea50cee5e1d4ced
                                                                                                                                                                                • Instruction ID: 157d431fbe50eb798186db8ef7aa63311e6afe853e908d8ef09260c4864706a6
                                                                                                                                                                                • Opcode Fuzzy Hash: 1d2c8fbd76cc0c3d7f0b7475d838795a9ef7aecf1b65c987aea50cee5e1d4ced
                                                                                                                                                                                • Instruction Fuzzy Hash: 5CC1C075901249EFDB10DF68EC05BEEB7B4EF45310F1882A9E916A72D1DB709A44CBA0
                                                                                                                                                                                Function 00BD5A10 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 119COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • EnterCriticalSection.KERNEL32(00EAE7BC,3B919AFF,00000000,?,?,?,?,?,?,00BD523E,00DBB23D,000000FF), ref: 00BD5A4D
                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F00), ref: 00BD5AC8
                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F00), ref: 00BD5B6E
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(00EAE7BC), ref: 00BD5BC3
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalCursorLoadSection$EnterLeave
                                                                                                                                                                                • String ID: v$AtlAxWin140$AtlAxWinLic140$WM_ATLGETCONTROL$WM_ATLGETHOST
                                                                                                                                                                                • API String ID: 3727441302-4127849342
                                                                                                                                                                                • Opcode ID: 5ef0aa4a42860770ab30e0f2196bed2ba87c8fa399679ed3be99ed228f10b280
                                                                                                                                                                                • Instruction ID: 8df1910f639867e50876e5178af3914d535dc05ad710ef996e0ea087b3638bca
                                                                                                                                                                                • Opcode Fuzzy Hash: 5ef0aa4a42860770ab30e0f2196bed2ba87c8fa399679ed3be99ed228f10b280
                                                                                                                                                                                • Instruction Fuzzy Hash: 045103B1D053189FDB11CFA5DD44BAEBFF8BB09314F10015AE454B7390EBB569088BA1
                                                                                                                                                                                Function 00CBD0B0 Relevance: 15.2, APIs: 10, Instructions: 189windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • BeginPaint.USER32(?,?,3B919AFF,?), ref: 00CBD113
                                                                                                                                                                                • CallWindowProcW.USER32(?,?,?,?,?), ref: 00CBD136
                                                                                                                                                                                • SelectObject.GDI32(00000000,?), ref: 00CBD1B4
                                                                                                                                                                                • SetBkMode.GDI32(00000000,00000001), ref: 00CBD1C2
                                                                                                                                                                                • SetTextColor.GDI32(00000000), ref: 00CBD207
                                                                                                                                                                                • GetWindowLongW.USER32(00000000), ref: 00CBD21B
                                                                                                                                                                                • SendMessageW.USER32(00000000), ref: 00CBD239
                                                                                                                                                                                • DrawTextW.USER32(00000000,00000010,?,?,00000010), ref: 00CBD288
                                                                                                                                                                                • SelectObject.GDI32(00000000,?), ref: 00CBD294
                                                                                                                                                                                • EndPaint.USER32(?,?), ref: 00CBD2A5
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ObjectPaintSelectTextWindow$BeginCallColorDrawLongMessageModeProcSend
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1755490345-0
                                                                                                                                                                                • Opcode ID: 8c58fb8aadffd2ac680653ab16b80365a89b76c9ab71a2449f1e4c6c9da83896
                                                                                                                                                                                • Instruction ID: 82b00676b5488a8b566e5b32c4ff1a7accee9cce0d4175c8bcf4499f85079bd4
                                                                                                                                                                                • Opcode Fuzzy Hash: 8c58fb8aadffd2ac680653ab16b80365a89b76c9ab71a2449f1e4c6c9da83896
                                                                                                                                                                                • Instruction Fuzzy Hash: 15719B71A00248AFEB00CFE8CC48FADBBB5FF49310F108259F555AB2A5DB70A955CB50
                                                                                                                                                                                Function 00CE8440 Relevance: 15.2, APIs: 10, Instructions: 155COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetWindowLongW.USER32(?,000000EB), ref: 00CE8451
                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 00CE84A9
                                                                                                                                                                                • EndDialog.USER32(?,00000000), ref: 00CE8529
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DeleteDialogLongObjectWindow
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1328495006-0
                                                                                                                                                                                • Opcode ID: eaa6fb40ac218157347281588dcb59d040272ae72cafcb4a6cd1df5245c1f6f4
                                                                                                                                                                                • Instruction ID: 760a0ef31ff0db69f00908d69fef9823bb5cda41fe30f7aa9caf05a4ac12b7f1
                                                                                                                                                                                • Opcode Fuzzy Hash: eaa6fb40ac218157347281588dcb59d040272ae72cafcb4a6cd1df5245c1f6f4
                                                                                                                                                                                • Instruction Fuzzy Hash: 6641E4327182141BD6349E2EAC09B7A3B9CDB89331F00072AFD69D62D0CE61ED15DAA0
                                                                                                                                                                                Function 00C75DF0 Relevance: 15.1, APIs: 10, Instructions: 127windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • IsWindowVisible.USER32(?), ref: 00C75E6A
                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00C75E82
                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00C75E9A
                                                                                                                                                                                • IntersectRect.USER32(?,?,?), ref: 00C75EB7
                                                                                                                                                                                • EqualRect.USER32(?,?), ref: 00C75EC7
                                                                                                                                                                                • GetSysColorBrush.USER32(0000000F), ref: 00C75EDD
                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00C75F06
                                                                                                                                                                                • MapWindowPoints.USER32(00000000,?,?,00000002), ref: 00C75F1B
                                                                                                                                                                                • GetWindowLongW.USER32(?,000000EC), ref: 00C75F2A
                                                                                                                                                                                • SetBrushOrgEx.GDI32(?,?,?,00000000), ref: 00C75F48
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Window$Rect$Brush$ColorEqualIntersectLongPointsVisible
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2158939716-0
                                                                                                                                                                                • Opcode ID: 6d125b8fbd201718a52496e30a62bbee9fc1bbb872a0d0b8318089702c4b8838
                                                                                                                                                                                • Instruction ID: 1eb99b6eaafc8981240eff477f97d02fcefa682b780f55c72d937efa72af9396
                                                                                                                                                                                • Opcode Fuzzy Hash: 6d125b8fbd201718a52496e30a62bbee9fc1bbb872a0d0b8318089702c4b8838
                                                                                                                                                                                • Instruction Fuzzy Hash: F0417D32A083059FC710DF25DD84A5BB7E8FF9D704F04462DF999A3251E730EA458B52
                                                                                                                                                                                Function 00BD9710 Relevance: 15.1, APIs: 10, Instructions: 95windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetDC.USER32(?), ref: 00BD9751
                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 00BD9778
                                                                                                                                                                                • CreateCompatibleDC.GDI32(?), ref: 00BD9788
                                                                                                                                                                                • CreateCompatibleBitmap.GDI32(?,?,?), ref: 00BD97A9
                                                                                                                                                                                • DeleteDC.GDI32(00000000), ref: 00BD97B6
                                                                                                                                                                                • FillRect.USER32(?,?,00000006), ref: 00BD97FA
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CompatibleCreateRect$BitmapClientDeleteFill
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1262984673-0
                                                                                                                                                                                • Opcode ID: 8078a5b085c8c2e69a75a9331e4891dafdacc54f11e7e3598330327f7373ff35
                                                                                                                                                                                • Instruction ID: 79037737d0d35faf5977b77e4df17091e0e008191db6aa3f5f64b09289afa783
                                                                                                                                                                                • Opcode Fuzzy Hash: 8078a5b085c8c2e69a75a9331e4891dafdacc54f11e7e3598330327f7373ff35
                                                                                                                                                                                • Instruction Fuzzy Hash: 7E31B2B25082059FD715DF29DC88B6BBBE8FF89704F04085EF8C692261E7319C44CB62
                                                                                                                                                                                Function 00BD3D40 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 266memoryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00BD3D85
                                                                                                                                                                                • SysAllocString.OLEAUT32(?), ref: 00BD3D99
                                                                                                                                                                                • VariantInit.OLEAUT32(?), ref: 00BD3DD4
                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00BD3E2A
                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00BD3E34
                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00BD3E3E
                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00BD3E4B
                                                                                                                                                                                  • Part of subcall function 00BCA850: RtlAllocateHeap.NTDLL(?,00000000,?,3B919AFF,00000000,00DB7F70,000000FF,?,?,00E9F01C,?,00D219F5,8000000B), ref: 00BCA89A
                                                                                                                                                                                Strings
                                                                                                                                                                                • <body><h3 style="color:green;">Error loading resource:</h3><p style="white-space:nowrap">"%s"</p></body>, xrefs: 00BD3ECB
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Variant$Clear$AllocAllocateHeapInitString
                                                                                                                                                                                • String ID: <body><h3 style="color:green;">Error loading resource:</h3><p style="white-space:nowrap">"%s"</p></body>
                                                                                                                                                                                • API String ID: 1547307772-1571955069
                                                                                                                                                                                • Opcode ID: 03192730139091abba7c55433e9f4fb72a74cfe71f32d90202e28b0f66fd4d8a
                                                                                                                                                                                • Instruction ID: 0922dfd0e08bd7c52551df16132ba9667c16abd7cf22dcadff154abcc2a43c5c
                                                                                                                                                                                • Opcode Fuzzy Hash: 03192730139091abba7c55433e9f4fb72a74cfe71f32d90202e28b0f66fd4d8a
                                                                                                                                                                                • Instruction Fuzzy Hash: 3F916B71900249EFCB00DFA8CC44B9EFBF9FF49714F14866AE415A7291E774AA44CBA1
                                                                                                                                                                                Function 00BD9050 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 151threadCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • SetLastError.KERNEL32(0000000E,3B919AFF,?,?,00000000,?), ref: 00BD908E
                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 00BD90CF
                                                                                                                                                                                • EnterCriticalSection.KERNEL32(00EAE7BC), ref: 00BD90EF
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(00EAE7BC), ref: 00BD9113
                                                                                                                                                                                • CreateWindowExW.USER32(00000000,00000000,00000000,00EAE7BC,?,80000000,00000000,80000000,00000000,00000000,00000000), ref: 00BD916E
                                                                                                                                                                                  • Part of subcall function 00D8FA13: GetProcessHeap.KERNEL32(00000008,00000008,?,00BD72C7,?,?,00BD7074,?), ref: 00D8FA18
                                                                                                                                                                                  • Part of subcall function 00D8FA13: HeapAlloc.KERNEL32(00000000,?,?,00BD7074,?), ref: 00D8FA1F
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalHeapSection$AllocCreateCurrentEnterErrorLastLeaveProcessThreadWindow
                                                                                                                                                                                • String ID: v$AXWIN UI Window$K
                                                                                                                                                                                • API String ID: 213679520-929514671
                                                                                                                                                                                • Opcode ID: c81d79a5e743aecd0d2a28617b9a29c8aaef240ac49dba5d72c7deada6a5cac5
                                                                                                                                                                                • Instruction ID: a37ecd16027e2d7e9cc2dcdd0715369f0b156d7340ae5bb75d4d8638b1905451
                                                                                                                                                                                • Opcode Fuzzy Hash: c81d79a5e743aecd0d2a28617b9a29c8aaef240ac49dba5d72c7deada6a5cac5
                                                                                                                                                                                • Instruction Fuzzy Hash: 7751A076A00315AFDB10CF59ED05B9ABBF4FB89714F10816AF914A7380E7B1A814CBA1
                                                                                                                                                                                Function 00DB5E22 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 147COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,00DB6BAF), ref: 00DB5E3B
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DecodePointer
                                                                                                                                                                                • String ID: acos$asin$exp$log$log10$pow$sqrt
                                                                                                                                                                                • API String ID: 3527080286-3064271455
                                                                                                                                                                                • Opcode ID: eb30fc508462711dad47b314b7da48e26a1767fdbea53f991eaf40c0e706cbb3
                                                                                                                                                                                • Instruction ID: 957622d0206697817facd379d54f25a708fad7294969f6a59521032d36f40039
                                                                                                                                                                                • Opcode Fuzzy Hash: eb30fc508462711dad47b314b7da48e26a1767fdbea53f991eaf40c0e706cbb3
                                                                                                                                                                                • Instruction Fuzzy Hash: 27515F70900A0ACBCF109F59E9486FDBFB1FF49304F144145E492A6268C775C995DF65
                                                                                                                                                                                Function 00BC26E0 Relevance: 14.1, APIs: 2, Strings: 6, Instructions: 135COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • InitializeCriticalSectionAndSpinCount.KERNEL32(00EA948C,00000000,3B919AFF,00000000,00DF4033,000000FF,?,3B919AFF), ref: 00BC2853
                                                                                                                                                                                • GetLastError.KERNEL32(?,3B919AFF), ref: 00BC285D
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CountCriticalErrorInitializeLastSectionSpin
                                                                                                                                                                                • String ID: Y$VolumeCostAvailable$VolumeCostDifference$VolumeCostRequired$VolumeCostSize$VolumeCostVolume
                                                                                                                                                                                • API String ID: 439134102-2489257328
                                                                                                                                                                                • Opcode ID: 8d6b07cfc6768e04aba6db34c87dff2e2b2382367f0ed8f84e16fb0de8645e41
                                                                                                                                                                                • Instruction ID: c1f23cd9ba62d78299d2829e5fd3a7c1fc9985e1395be4ee4159b0f38fe9cc1f
                                                                                                                                                                                • Opcode Fuzzy Hash: 8d6b07cfc6768e04aba6db34c87dff2e2b2382367f0ed8f84e16fb0de8645e41
                                                                                                                                                                                • Instruction Fuzzy Hash: 0551C0B1900608DFDB00DF65D885BAEBBF4EB4D714F00426EE425B7391E775A908CBA1
                                                                                                                                                                                Function 00D93BE0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 132COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 00D93C17
                                                                                                                                                                                • ___except_validate_context_record.LIBVCRUNTIME ref: 00D93C1F
                                                                                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 00D93CA8
                                                                                                                                                                                • __IsNonwritableInCurrentImage.LIBCMT ref: 00D93CD3
                                                                                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 00D93D28
                                                                                                                                                                                • ___vcrt_initialize_locks.LIBVCRUNTIME ref: 00D93D3E
                                                                                                                                                                                • ___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 00D93D53
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record___vcrt_initialize_locks___vcrt_uninitialize_locks
                                                                                                                                                                                • String ID: csm
                                                                                                                                                                                • API String ID: 1385549066-1018135373
                                                                                                                                                                                • Opcode ID: 34b12d78291dfa2473157a4f7b4c9e8c64667a2311821e3c9873fa8c3f324af0
                                                                                                                                                                                • Instruction ID: f960a99fe4a899dd69db464b2bf205cb4fff1c73c033ab06ea38cd5c736382a3
                                                                                                                                                                                • Opcode Fuzzy Hash: 34b12d78291dfa2473157a4f7b4c9e8c64667a2311821e3c9873fa8c3f324af0
                                                                                                                                                                                • Instruction Fuzzy Hash: 4C41C334A00619AFCF10DF68C895A9EBBB5FF45314F148195E814AB392D731DB06CBB1
                                                                                                                                                                                Function 00CDDF20 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 108processsynchronizationCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • Wow64DisableWow64FsRedirection.KERNEL32(00000000,3B919AFF,?,?), ref: 00CDDF67
                                                                                                                                                                                • CreateProcessW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,3B919AFF,00DF822D), ref: 00CDDFDF
                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00CDDFF0
                                                                                                                                                                                • WaitForSingleObject.KERNEL32(00DF822D,000000FF), ref: 00CDE00C
                                                                                                                                                                                • GetExitCodeProcess.KERNEL32(00DF822D,00000000), ref: 00CDE01D
                                                                                                                                                                                • CloseHandle.KERNEL32(00DF822D), ref: 00CDE027
                                                                                                                                                                                • Wow64RevertWow64FsRedirection.KERNEL32(00000000), ref: 00CDE042
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Wow64$ProcessRedirection$CloseCodeCreateDisableErrorExitHandleLastObjectRevertSingleWait
                                                                                                                                                                                • String ID: D
                                                                                                                                                                                • API String ID: 1153077990-2746444292
                                                                                                                                                                                • Opcode ID: 93f7f1afb0b36102cc5aadd2ad160df0f98727f3f4be16f94960bf4228762369
                                                                                                                                                                                • Instruction ID: 7bdfb32198ec9d9e7fb491b80726b2ecf2f7767926588b9e0b3ddbfd7f861dd0
                                                                                                                                                                                • Opcode Fuzzy Hash: 93f7f1afb0b36102cc5aadd2ad160df0f98727f3f4be16f94960bf4228762369
                                                                                                                                                                                • Instruction Fuzzy Hash: 37418C71E04389AFDB10CFA5DD447EEBBF8AF49304F14825AE925B7290DB749A44CB60
                                                                                                                                                                                Function 00C05BF0 Relevance: 14.0, APIs: 9, Instructions: 469synchronizationthreadCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,00C05DA0,00E27FA8,00000000,?), ref: 00C05D1A
                                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00C05D33
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00C05D49
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CloseCreateHandleObjectSingleThreadWait
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 51348343-0
                                                                                                                                                                                • Opcode ID: b83938e7a339b27a532dd7863ba8dbfb276a529ffe8a838c167553edadcfcee7
                                                                                                                                                                                • Instruction ID: 866d2eaeb2eb9939e3998721f957e46c356148a652f69e9615d135458f67f56a
                                                                                                                                                                                • Opcode Fuzzy Hash: b83938e7a339b27a532dd7863ba8dbfb276a529ffe8a838c167553edadcfcee7
                                                                                                                                                                                • Instruction Fuzzy Hash: BC026B70D00249DFDB14DFA8C945BAEBBB8FF45314F2082ADE415AB291DB749A44CFA1
                                                                                                                                                                                Function 00C8E520 Relevance: 12.6, APIs: 3, Strings: 4, Instructions: 342COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • __Init_thread_footer.LIBCMT ref: 00C8E7C5
                                                                                                                                                                                • SystemParametersInfoW.USER32(00000030,00000000,00EAE9A4,00000000), ref: 00C8E7FC
                                                                                                                                                                                • __Init_thread_footer.LIBCMT ref: 00C8E891
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Init_thread_footer$InfoParametersSystem
                                                                                                                                                                                • String ID: AI_FRAME_NO_CAPTION_$Dialog$Xu$`Dialog` = '
                                                                                                                                                                                • API String ID: 3910108132-2773411972
                                                                                                                                                                                • Opcode ID: ac83708ac6a514a433eea6f961908006b655b230606d1456e67218263d5fe2ca
                                                                                                                                                                                • Instruction ID: 607fb58233bb8fe8044bec1a2de72045e2ab6f1c53816d2da1030dc51806498a
                                                                                                                                                                                • Opcode Fuzzy Hash: ac83708ac6a514a433eea6f961908006b655b230606d1456e67218263d5fe2ca
                                                                                                                                                                                • Instruction Fuzzy Hash: 4BD1CD71A00204DFCB14DF68DD85B9EBBB1EF89314F248269E815BB391D770BA09CB91
                                                                                                                                                                                Function 00BC96A0 Relevance: 12.5, APIs: 2, Strings: 5, Instructions: 230COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • __Init_thread_footer.LIBCMT ref: 00BC9785
                                                                                                                                                                                • __Init_thread_footer.LIBCMT ref: 00BC97D0
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Init_thread_footer
                                                                                                                                                                                • String ID: </a>$<a href="$<a>$h$h
                                                                                                                                                                                • API String ID: 1385522511-3989131236
                                                                                                                                                                                • Opcode ID: faffe3b39a0f7de17a436f4e9453f8dee3534a6906278c5ec316f44bc6038341
                                                                                                                                                                                • Instruction ID: f9531bc066661dbfc75c89f467fcaf3742a7c1b43c90f0a79b76c60e43171ece
                                                                                                                                                                                • Opcode Fuzzy Hash: faffe3b39a0f7de17a436f4e9453f8dee3534a6906278c5ec316f44bc6038341
                                                                                                                                                                                • Instruction Fuzzy Hash: 58916B70A00704EFDB14DF68D859BADB7F1FB49314F10429DE425AB2D1EB70A945CBA0
                                                                                                                                                                                Function 00BD0EC0 Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 221libraryloaderCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • __Init_thread_footer.LIBCMT ref: 00BD0F61
                                                                                                                                                                                  • Part of subcall function 00D90328: EnterCriticalSection.KERNEL32(00EA7DCC,?,?,00BCACA7,00EA89FC,00E15FA0), ref: 00D90332
                                                                                                                                                                                  • Part of subcall function 00D90328: LeaveCriticalSection.KERNEL32(00EA7DCC,?,00BCACA7,00EA89FC,00E15FA0), ref: 00D90365
                                                                                                                                                                                  • Part of subcall function 00D90328: RtlWakeAllConditionVariable.NTDLL ref: 00D903DC
                                                                                                                                                                                • GetModuleHandleW.KERNEL32(Kernel32.dll,GetTempPath2W), ref: 00BD0FAA
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 00BD0FB1
                                                                                                                                                                                • __Init_thread_footer.LIBCMT ref: 00BD0FC5
                                                                                                                                                                                  • Part of subcall function 00D90372: EnterCriticalSection.KERNEL32(00EA7DCC,?,?,?,00BCAC36,00EA89FC,3B919AFF,?,?,00DB84ED,000000FF,?,00D21851,3B919AFF,?,?), ref: 00D9037D
                                                                                                                                                                                  • Part of subcall function 00D90372: LeaveCriticalSection.KERNEL32(00EA7DCC,?,00BCAC36,00EA89FC,3B919AFF,?,?,00DB84ED,000000FF,?,00D21851,3B919AFF,?,?,00000000,?), ref: 00D903BA
                                                                                                                                                                                • GetTempPathW.KERNEL32(00000104,?,3B919AFF), ref: 00BD0FF2
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalSection$EnterInit_thread_footerLeave$AddressConditionHandleModulePathProcTempVariableWake
                                                                                                                                                                                • String ID: GetTempPath2W$Kernel32.dll
                                                                                                                                                                                • API String ID: 3676318360-1983778095
                                                                                                                                                                                • Opcode ID: 24c7a231a7adf928c2a57dd781b652ffade88cce3da31426b6f591fc10cc4111
                                                                                                                                                                                • Instruction ID: c0aff5c87bb0666bd3b189f955ecfe4874d03e294814a61044d472daf8890c4a
                                                                                                                                                                                • Opcode Fuzzy Hash: 24c7a231a7adf928c2a57dd781b652ffade88cce3da31426b6f591fc10cc4111
                                                                                                                                                                                • Instruction Fuzzy Hash: 7981B6B1D00208EFDB20DF98DD85B9DB7F4EB09710F5046AAE515A7381EB746A44CBA1
                                                                                                                                                                                Function 00CDE070 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 166synchronizationCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • ShellExecuteExW.SHELL32(0000003C), ref: 00CDE1E6
                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00CDE1F7
                                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00CDE213
                                                                                                                                                                                • GetExitCodeProcess.KERNEL32(00000000,00DF82B7), ref: 00CDE224
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00CDE232
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CloseCodeErrorExecuteExitHandleLastObjectProcessShellSingleWait
                                                                                                                                                                                • String ID: <$open
                                                                                                                                                                                • API String ID: 1481985272-1930408713
                                                                                                                                                                                • Opcode ID: a1742ddbf62d80511216d53c197c2f638e81efa8b99e9e4093adfa9eacd9406d
                                                                                                                                                                                • Instruction ID: 42d5e00a056e5919326ad347e177278811a1083b31e8408419cf19459761a072
                                                                                                                                                                                • Opcode Fuzzy Hash: a1742ddbf62d80511216d53c197c2f638e81efa8b99e9e4093adfa9eacd9406d
                                                                                                                                                                                • Instruction Fuzzy Hash: 14615A71E006499FDB10DFA9C84879EBBB4FF49324F18825AE925AB3D1D7749E04CB90
                                                                                                                                                                                Function 00BDD0A0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 150fileCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • __Init_thread_footer.LIBCMT ref: 00BDD18F
                                                                                                                                                                                  • Part of subcall function 00D90328: EnterCriticalSection.KERNEL32(00EA7DCC,?,?,00BCACA7,00EA89FC,00E15FA0), ref: 00D90332
                                                                                                                                                                                  • Part of subcall function 00D90328: LeaveCriticalSection.KERNEL32(00EA7DCC,?,00BCACA7,00EA89FC,00E15FA0), ref: 00D90365
                                                                                                                                                                                  • Part of subcall function 00D90328: RtlWakeAllConditionVariable.NTDLL ref: 00D903DC
                                                                                                                                                                                • CreateFileW.KERNEL32(00000000,40000000,00000001,00000000,00000002,00000080,00000000,?,3B919B01), ref: 00BDD1E3
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00BDD240
                                                                                                                                                                                  • Part of subcall function 00D90372: EnterCriticalSection.KERNEL32(00EA7DCC,?,?,?,00BCAC36,00EA89FC,3B919AFF,?,?,00DB84ED,000000FF,?,00D21851,3B919AFF,?,?), ref: 00D9037D
                                                                                                                                                                                  • Part of subcall function 00D90372: LeaveCriticalSection.KERNEL32(00EA7DCC,?,00BCAC36,00EA89FC,3B919AFF,?,?,00DB84ED,000000FF,?,00D21851,3B919AFF,?,?,00000000,?), ref: 00D903BA
                                                                                                                                                                                • WriteFile.KERNEL32(00000000,?,?,?,00000000,00000000,?), ref: 00BDD2A7
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,753CE610), ref: 00BDD2CD
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalSection$CloseEnterFileHandleLeave$ConditionCreateInit_thread_footerVariableWakeWrite
                                                                                                                                                                                • String ID: aix$html
                                                                                                                                                                                • API String ID: 2030708724-2369804267
                                                                                                                                                                                • Opcode ID: c5c38ecd124f2801b28133c535e49f4edb6f0e4b874fae2a4b7b58384c341164
                                                                                                                                                                                • Instruction ID: 5c5ad7e3ce8b8c703ba6316c4c591f534f0edde86f5a3787ef940ba2a1e82a31
                                                                                                                                                                                • Opcode Fuzzy Hash: c5c38ecd124f2801b28133c535e49f4edb6f0e4b874fae2a4b7b58384c341164
                                                                                                                                                                                • Instruction Fuzzy Hash: CF618CB1900348DFEB14CFA5D949B9EBBF4FB49704F10415AE0117B390EBB96A48CBA1
                                                                                                                                                                                Function 00D235B0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 99libraryloaderCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • SHGetSpecialFolderLocation.SHELL32(00000000,00000023,?,00EA94D0), ref: 00D235C0
                                                                                                                                                                                • LoadLibraryW.KERNEL32(Shell32.dll), ref: 00D235D3
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SHGetSpecialFolderPathW), ref: 00D235E3
                                                                                                                                                                                • SHGetPathFromIDListW.SHELL32(?,00000000), ref: 00D2366C
                                                                                                                                                                                • SHGetMalloc.SHELL32(?), ref: 00D236AE
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AddressFolderFromLibraryListLoadLocationMallocPathProcSpecial
                                                                                                                                                                                • String ID: SHGetSpecialFolderPathW$Shell32.dll
                                                                                                                                                                                • API String ID: 2352187698-2988203397
                                                                                                                                                                                • Opcode ID: 74c596507cc80dac9bfd74f2e5195f281e5fb644cc7898c5702e110361316173
                                                                                                                                                                                • Instruction ID: 41d74bd1261f0af3ffa0f160ca92c1b07690b48cd1e28a3136f3713e41d7e606
                                                                                                                                                                                • Opcode Fuzzy Hash: 74c596507cc80dac9bfd74f2e5195f281e5fb644cc7898c5702e110361316173
                                                                                                                                                                                • Instruction Fuzzy Hash: 11313971600311AFDB249F14EC05B6777F9AFE4B06F48C42CE88587290EB75994A8BA1
                                                                                                                                                                                Function 00CBBEF0 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 74libraryloaderwindowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • __Init_thread_footer.LIBCMT ref: 00CBBF80
                                                                                                                                                                                  • Part of subcall function 00D90328: EnterCriticalSection.KERNEL32(00EA7DCC,?,?,00BCACA7,00EA89FC,00E15FA0), ref: 00D90332
                                                                                                                                                                                  • Part of subcall function 00D90328: LeaveCriticalSection.KERNEL32(00EA7DCC,?,00BCACA7,00EA89FC,00E15FA0), ref: 00D90365
                                                                                                                                                                                  • Part of subcall function 00D90328: RtlWakeAllConditionVariable.NTDLL ref: 00D903DC
                                                                                                                                                                                • GetProcAddress.KERNEL32(SetWindowTheme), ref: 00CBBFBD
                                                                                                                                                                                • __Init_thread_footer.LIBCMT ref: 00CBBFD4
                                                                                                                                                                                • SendMessageW.USER32(000000EF,00001036,00010000,00010000), ref: 00CBBFFF
                                                                                                                                                                                  • Part of subcall function 00D90372: EnterCriticalSection.KERNEL32(00EA7DCC,?,?,?,00BCAC36,00EA89FC,3B919AFF,?,?,00DB84ED,000000FF,?,00D21851,3B919AFF,?,?), ref: 00D9037D
                                                                                                                                                                                  • Part of subcall function 00D90372: LeaveCriticalSection.KERNEL32(00EA7DCC,?,00BCAC36,00EA89FC,3B919AFF,?,?,00DB84ED,000000FF,?,00D21851,3B919AFF,?,?,00000000,?), ref: 00D903BA
                                                                                                                                                                                  • Part of subcall function 00C9A630: GetSystemDirectoryW.KERNEL32(?,00000105), ref: 00C9A671
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalSection$EnterInit_thread_footerLeave$AddressConditionDirectoryMessageProcSendSystemVariableWake
                                                                                                                                                                                • String ID: SetWindowTheme$UxTheme.dll$explorer
                                                                                                                                                                                • API String ID: 3410024541-3123591815
                                                                                                                                                                                • Opcode ID: b4aecd4e2f921c60aef02fca5c5fa1ddb2584e44135d7d1c143efd8ba7bebe8e
                                                                                                                                                                                • Instruction ID: 0c6c617c088dd40d54c9ad129f44ade5d31e7bf0e5ec217127997291573cf0eb
                                                                                                                                                                                • Opcode Fuzzy Hash: b4aecd4e2f921c60aef02fca5c5fa1ddb2584e44135d7d1c143efd8ba7bebe8e
                                                                                                                                                                                • Instruction Fuzzy Hash: 87217E71A40704AFDB20DFA5EC46B997BA4FB4A720F144225F521B77D0D7B07A04CB65
                                                                                                                                                                                Function 00BE0050 Relevance: 12.1, APIs: 8, Instructions: 138COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00BE007A
                                                                                                                                                                                • GetWindow.USER32(?,00000005), ref: 00BE0087
                                                                                                                                                                                • GetWindow.USER32(00000000,00000002), ref: 00BE01C2
                                                                                                                                                                                  • Part of subcall function 00BDFED0: GetWindowRect.USER32(?,?), ref: 00BDFEFC
                                                                                                                                                                                  • Part of subcall function 00BDFED0: GetWindowRect.USER32(?,?), ref: 00BDFF0C
                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00BE011B
                                                                                                                                                                                • GetWindowRect.USER32(00000000,?), ref: 00BE012B
                                                                                                                                                                                • GetWindowRect.USER32(00000000,?), ref: 00BE0145
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Window$Rect
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3200805268-0
                                                                                                                                                                                • Opcode ID: b7af373ee31f647ba60605cf725180f321acb9a5b8cfd739cda920b3b5f667ef
                                                                                                                                                                                • Instruction ID: fbf9d1a441d9e22a2d245538b6e7e85ec31c6237109d94564f80f944f74a4673
                                                                                                                                                                                • Opcode Fuzzy Hash: b7af373ee31f647ba60605cf725180f321acb9a5b8cfd739cda920b3b5f667ef
                                                                                                                                                                                • Instruction Fuzzy Hash: 174190305147819FC311EF26C980A6BF7E9FF96700F544A5DF085A7561EB70E988CB52
                                                                                                                                                                                Function 00D8F8B1 Relevance: 12.1, APIs: 8, Instructions: 73memoryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,0000000D,00000000,?,00D8FA5B,00000000,?,?,00BD7074,?), ref: 00D8F8D5
                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,?,00BD7074,?), ref: 00D8F8DC
                                                                                                                                                                                  • Part of subcall function 00D8F9A7: IsProcessorFeaturePresent.KERNEL32(0000000C,00D8F8C3,00000000,?,00D8FA5B,00000000,?,?,00BD7074,?), ref: 00D8F9A9
                                                                                                                                                                                • InterlockedPopEntrySList.KERNEL32(00000000,00000000,?,00D8FA5B,00000000,?,?,00BD7074,?), ref: 00D8F8EC
                                                                                                                                                                                • VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,?,?,00BD7074,?), ref: 00D8F913
                                                                                                                                                                                • RaiseException.KERNEL32(C0000017,00000000,00000000,00000000,?,?,00BD7074,?), ref: 00D8F927
                                                                                                                                                                                • InterlockedPopEntrySList.KERNEL32(00000000,?,?,00BD7074,?), ref: 00D8F93A
                                                                                                                                                                                • VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,00BD7074,?), ref: 00D8F94D
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AllocEntryHeapInterlockedListVirtual$ExceptionFeatureFreePresentProcessProcessorRaise
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2460949444-0
                                                                                                                                                                                • Opcode ID: 8b60272c34b55b45dd705fb86218f077721b1b1f7691eb973a723d3ae3bc553e
                                                                                                                                                                                • Instruction ID: 4143f1157423a31a43a5da648af366fa1eedb95b583bbee2a25f6f1103a55437
                                                                                                                                                                                • Opcode Fuzzy Hash: 8b60272c34b55b45dd705fb86218f077721b1b1f7691eb973a723d3ae3bc553e
                                                                                                                                                                                • Instruction Fuzzy Hash: BB11B2B1601A11BFE7227B79AD48FBE7659EB49784F154431FA81F6160DA70DC088BB0
                                                                                                                                                                                Function 00CE0330 Relevance: 10.8, APIs: 7, Instructions: 346fileCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,3B919AFF), ref: 00CE03B9
                                                                                                                                                                                • ReadFile.KERNEL32(00000000,00000000,00001000,?,00000000,00001000), ref: 00CE042B
                                                                                                                                                                                • ReadFile.KERNEL32(?,00000000,00001000,00000000,00000000,?,?,00000000), ref: 00CE06CC
                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00CE072A
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: File$Read$CloseCreateHandle
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1724936099-0
                                                                                                                                                                                • Opcode ID: dcfcc46175a001f482ace45b6c4af856aa07a8c3a5bfc84022114c071fd4fa7f
                                                                                                                                                                                • Instruction ID: 9475d30cda356df3fa36215ba4f3575347fe926dc0efb994b449baede8410569
                                                                                                                                                                                • Opcode Fuzzy Hash: dcfcc46175a001f482ace45b6c4af856aa07a8c3a5bfc84022114c071fd4fa7f
                                                                                                                                                                                • Instruction Fuzzy Hash: 71D19F71D00358DBDB20CFA5C949BAEBBB5BF45304F30821DE815AB281D7B4AA85CF91
                                                                                                                                                                                Function 00BDD310 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 285registryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • CreateEventW.KERNEL32(00000000,00000000,00000000,Caphyon.AI.ExtUI.IEClickSoundRemover,3B919AFF), ref: 00BDD3B1
                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00BDD3DA
                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,Function_0026329C,00000000,Function_0026329C,00000000,?,80000001,00000001,00000000,AppEvents\Schemes\Apps\Explorer\Navigating\.Current,00000033), ref: 00BDD64E
                                                                                                                                                                                • CloseHandle.KERNEL32(?,3B919AFF,?,?,00000000,00DBC7CD,000000FF,?,Function_0026329C,00000000,Function_0026329C,00000000,?,80000001,00000001,00000000), ref: 00BDD6DE
                                                                                                                                                                                Strings
                                                                                                                                                                                • AppEvents\Schemes\Apps\Explorer\Navigating\.Current, xrefs: 00BDD412
                                                                                                                                                                                • Caphyon.AI.ExtUI.IEClickSoundRemover, xrefs: 00BDD3A6
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Close$CreateErrorEventHandleLast
                                                                                                                                                                                • String ID: AppEvents\Schemes\Apps\Explorer\Navigating\.Current$Caphyon.AI.ExtUI.IEClickSoundRemover
                                                                                                                                                                                • API String ID: 1253123496-2079760225
                                                                                                                                                                                • Opcode ID: 6b1c3879074255b969fa9a6885672a7b439207d843a333d2479c33a8e8befdca
                                                                                                                                                                                • Instruction ID: 0ecdb4cbebd1adc15c75c14bd9eafb1149106f6f3cd96297a33bcaecb26f6f14
                                                                                                                                                                                • Opcode Fuzzy Hash: 6b1c3879074255b969fa9a6885672a7b439207d843a333d2479c33a8e8befdca
                                                                                                                                                                                • Instruction Fuzzy Hash: 10C19D70D00248DFDB14CF68C945BAEFBF5EF55304F24829DE459A7281EB74AA48CBA1
                                                                                                                                                                                Function 00BDB490 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 269COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • EnterCriticalSection.KERNEL32(00EA946C,3B919AFF,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00DBC0C5), ref: 00BDB4FA
                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(0000FFFF,00000104,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00DBC0C5), ref: 00BDB57A
                                                                                                                                                                                • EnterCriticalSection.KERNEL32(00EA9488,?,?,?,?,?,?,?,?,?,?,?,00000000,00DBC0C5,000000FF), ref: 00BDB733
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(00EA9488,?,?,?,?,?,?,?,?,?,?,00000000,00DBC0C5,000000FF), ref: 00BDB754
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalSection$Enter$FileLeaveModuleName
                                                                                                                                                                                • String ID: v
                                                                                                                                                                                • API String ID: 1807155316-3261393531
                                                                                                                                                                                • Opcode ID: d2eaf4014a76c138a77f8a107a03d87104480cb87b87d4c9f20af2b035347157
                                                                                                                                                                                • Instruction ID: ddbb9e212c3a1f4ce230484ecbc6fed20f1782eaa339c7a3f4483ff3ae57f150
                                                                                                                                                                                • Opcode Fuzzy Hash: d2eaf4014a76c138a77f8a107a03d87104480cb87b87d4c9f20af2b035347157
                                                                                                                                                                                • Instruction Fuzzy Hash: FBB15C71900249DFDB11CFA5D888BAEFBF4EB49314F15809AE405AB391DB75AD48CB60
                                                                                                                                                                                Function 00CDA1C0 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 249registrylibraryloaderCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetModuleHandleW.KERNEL32(Advapi32.dll,3B919AFF,3B919AFF,?,?), ref: 00CDA404
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,RegOpenKeyTransactedW), ref: 00CDA414
                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000,?,?), ref: 00CDA45D
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AddressCloseHandleModuleProc
                                                                                                                                                                                • String ID: Advapi32.dll$RegOpenKeyTransactedW
                                                                                                                                                                                • API String ID: 4190037839-3913318428
                                                                                                                                                                                • Opcode ID: 2270cd898e939f701ca837633ad6b173f3acc50d2cdafbd7263e1d60a4b1d35a
                                                                                                                                                                                • Instruction ID: feec26a3518754b8227015ca34695fd271ccbf3f8890044c36c91cf509d49dd1
                                                                                                                                                                                • Opcode Fuzzy Hash: 2270cd898e939f701ca837633ad6b173f3acc50d2cdafbd7263e1d60a4b1d35a
                                                                                                                                                                                • Instruction Fuzzy Hash: 07A158B0D00308DFDB14CFA8C959B9EBBF5BF48300F14855AE515AB391DB74AA04CBA1
                                                                                                                                                                                Function 00BD0720 Relevance: 10.7, APIs: 7, Instructions: 204memoryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 00BD0814
                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 00BD0889
                                                                                                                                                                                • GetProcessHeap.KERNEL32(?,?), ref: 00BD08F9
                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,?), ref: 00BD08FF
                                                                                                                                                                                • GetProcessHeap.KERNEL32(?,00000000,?,00000000,00000000,00000000,3B919AFF), ref: 00BD092C
                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,00000000,?,00000000,00000000,00000000,3B919AFF), ref: 00BD0932
                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 00BD094A
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Free$Heap$String$Process
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2680101141-0
                                                                                                                                                                                • Opcode ID: c65c2c52b9a085ec7d8a032ee540ec5a0fb1302a2b10fb4da41be54e5113b4fd
                                                                                                                                                                                • Instruction ID: 4d778d4d950093bc2efff439ff64f5e12737d9dbc19a41f2d7516bcfbc560b9b
                                                                                                                                                                                • Opcode Fuzzy Hash: c65c2c52b9a085ec7d8a032ee540ec5a0fb1302a2b10fb4da41be54e5113b4fd
                                                                                                                                                                                • Instruction Fuzzy Hash: F6812B70D10219DBDF10EFA8C855BAEFBF4EF45314F1445AAE411AB381E7799A04CBA1
                                                                                                                                                                                Function 00BD8AF0 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 157COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • EnterCriticalSection.KERNEL32(00EAE7BC,3B919AFF,00000000,00EAE7D8), ref: 00BD8B63
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(00EAE7BC), ref: 00BD8BC8
                                                                                                                                                                                • LoadCursorW.USER32(00BC0000,?), ref: 00BD8C24
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(00EAE7BC), ref: 00BD8CBB
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalSection$Leave$CursorEnterLoad
                                                                                                                                                                                • String ID: v$ATL:%p
                                                                                                                                                                                • API String ID: 2080323225-109518622
                                                                                                                                                                                • Opcode ID: 2d2c5e0eeafa719942bcab45dd0428fe7402ff9e8a818d497c5c4fe97e09b2d3
                                                                                                                                                                                • Instruction ID: 7df7eb82be5be307baf5e2b503720f5e87a3f5bc781ba2fe4ade6e636dbb2993
                                                                                                                                                                                • Opcode Fuzzy Hash: 2d2c5e0eeafa719942bcab45dd0428fe7402ff9e8a818d497c5c4fe97e09b2d3
                                                                                                                                                                                • Instruction Fuzzy Hash: 29519B71904B48CFDB20CF69C9456AAFBF4FF19710F04465EE896A7790EB70B9848B60
                                                                                                                                                                                Function 00BE8100 Relevance: 10.6, APIs: 7, Instructions: 125COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetWindowDC.USER32(?,3B919AFF,?,00000000,?,?,?,?,?,00000000,00DBE445,000000FF,?,00BE7EC2,?,?), ref: 00BE8142
                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00BE8161
                                                                                                                                                                                • IsWindowEnabled.USER32(?), ref: 00BE8170
                                                                                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 00BE81CE
                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 00BE8212
                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 00BE8221
                                                                                                                                                                                • DeleteDC.GDI32(?), ref: 00BE8244
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ObjectWindow$DeleteSelect$EnabledRect
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2818206005-0
                                                                                                                                                                                • Opcode ID: 5dabfbfe785d79ad8af8bcf1ef43a9a03074c2eadea8eb926c17b22a582bd52c
                                                                                                                                                                                • Instruction ID: da207fca3e45b0934f9afc670b89ebce48cc08971098b2f40a3d98360fc84a86
                                                                                                                                                                                • Opcode Fuzzy Hash: 5dabfbfe785d79ad8af8bcf1ef43a9a03074c2eadea8eb926c17b22a582bd52c
                                                                                                                                                                                • Instruction Fuzzy Hash: 58416E71A04219AFDB10CFA6DD48BAEFBB9FB8D710F104259F945B3290CB346904CB60
                                                                                                                                                                                Function 00DA99E2 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,00DA9AEF,?,?,?,00000000,00000000,?,00DA9D59,00000021,FlsSetValue,00E1CE7C,00E1CE84,?), ref: 00DA9AA3
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FreeLibrary
                                                                                                                                                                                • String ID: api-ms-$ext-ms-
                                                                                                                                                                                • API String ID: 3664257935-537541572
                                                                                                                                                                                • Opcode ID: c062a0d5819d5e52adcc03aff498c7e3456d6f0fa00e11ec6bd474695ecb0ec3
                                                                                                                                                                                • Instruction ID: ce25277ef6404899fe27ebbd7158f54e9bc5ed488903f11c4ee1a825dc8d7643
                                                                                                                                                                                • Opcode Fuzzy Hash: c062a0d5819d5e52adcc03aff498c7e3456d6f0fa00e11ec6bd474695ecb0ec3
                                                                                                                                                                                • Instruction Fuzzy Hash: D021E732A01215AFD7219B65DD61A9BB759EB477B0F394212F906F7290DB30EE04C6F0
                                                                                                                                                                                Function 00D8D1CE Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 45libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,?,00D8D249,00D8D1AC,00D8D44D), ref: 00D8D1E5
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 00D8D1FB
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 00D8D210
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AddressProc$HandleModule
                                                                                                                                                                                • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                                                                                                                                                • API String ID: 667068680-1718035505
                                                                                                                                                                                • Opcode ID: dcc3a22ce332262115be7962cd248ae6decd8dfaadb0db90c97bab25f228eba8
                                                                                                                                                                                • Instruction ID: 8df6b85038322591465bf00c9d8cdf51fdd33d77fa3701b3eac75fd75991d449
                                                                                                                                                                                • Opcode Fuzzy Hash: dcc3a22ce332262115be7962cd248ae6decd8dfaadb0db90c97bab25f228eba8
                                                                                                                                                                                • Instruction Fuzzy Hash: DEF0AF313413229F5B25BF665D997A637CAAF0BB503084039E881F62D0EE28CC8897B4
                                                                                                                                                                                Function 00BDFB90 Relevance: 9.2, APIs: 6, Instructions: 183windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • BeginPaint.USER32(?,?), ref: 00BDFC08
                                                                                                                                                                                • GetClientRect.USER32(?,00000000), ref: 00BDFC29
                                                                                                                                                                                • GetParent.USER32(?), ref: 00BDFC49
                                                                                                                                                                                • SendMessageW.USER32(00000000,00000135,?,?), ref: 00BDFC59
                                                                                                                                                                                • FillRect.USER32(?,00000000,00000000), ref: 00BDFC67
                                                                                                                                                                                • EndPaint.USER32(?,?), ref: 00BDFE0E
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: PaintRect$BeginClientFillMessageParentSend
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 732421049-0
                                                                                                                                                                                • Opcode ID: 65175166930bc73e4fe7920efff0645a51483a20d5cf4128093f25ff2d065409
                                                                                                                                                                                • Instruction ID: 5e82f8d3e02a7134c4e65c7ff08867582ad83c188a963d14ef01e29562ea364b
                                                                                                                                                                                • Opcode Fuzzy Hash: 65175166930bc73e4fe7920efff0645a51483a20d5cf4128093f25ff2d065409
                                                                                                                                                                                • Instruction Fuzzy Hash: 62811870904219EFDB25CF64CD48BAABBF5FF09304F1081A9E54AA7251E770AE94CF50
                                                                                                                                                                                Function 00BFDE20 Relevance: 9.2, APIs: 6, Instructions: 153COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 00BFDE6A
                                                                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 00BFDE8C
                                                                                                                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 00BFDEB4
                                                                                                                                                                                • __Getctype.LIBCPMT ref: 00BFDF95
                                                                                                                                                                                • std::_Facet_Register.LIBCPMT ref: 00BFDFF7
                                                                                                                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 00BFE021
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeRegister
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1102183713-0
                                                                                                                                                                                • Opcode ID: 36d57894c29560a68c502d5123ec6da4e807a8490cc13ac29135a58cd1c3eb07
                                                                                                                                                                                • Instruction ID: e6a30770d34229ef0ca0388088dcc2c02f6dd4eb8978105198668a75a9a15348
                                                                                                                                                                                • Opcode Fuzzy Hash: 36d57894c29560a68c502d5123ec6da4e807a8490cc13ac29135a58cd1c3eb07
                                                                                                                                                                                • Instruction Fuzzy Hash: CD61D1B1C00609DFDB10DF68C941BAEB7F4FF15310F148299E945AB391E770AA48CBA1
                                                                                                                                                                                Function 00BFDC20 Relevance: 9.1, APIs: 6, Instructions: 140COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 00BFDC5D
                                                                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 00BFDC7F
                                                                                                                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 00BFDCA7
                                                                                                                                                                                • __Getcoll.LIBCPMT ref: 00BFDD71
                                                                                                                                                                                • std::_Facet_Register.LIBCPMT ref: 00BFDDB6
                                                                                                                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 00BFDDEE
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetcollRegister
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1184649410-0
                                                                                                                                                                                • Opcode ID: 9a20a2020171f6e8da2eed7627df209b7e1c738ec9686c74887fcf3bd3fa19f2
                                                                                                                                                                                • Instruction ID: 6d28a2dc77f83366b729394b874cfc64ab76d9a20c1faea5b9159e26748ab031
                                                                                                                                                                                • Opcode Fuzzy Hash: 9a20a2020171f6e8da2eed7627df209b7e1c738ec9686c74887fcf3bd3fa19f2
                                                                                                                                                                                • Instruction Fuzzy Hash: 41519FB1D00248EFDB01DF98D981BADFBF5FF54310F244199E805AB291DB74AA09CBA1
                                                                                                                                                                                Function 00BDBC10 Relevance: 9.1, APIs: 6, Instructions: 127COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetObjectW.GDI32(00000000,0000005C,?), ref: 00BDBC9D
                                                                                                                                                                                • GetDC.USER32(?), ref: 00BDBCEC
                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00BDBCFB
                                                                                                                                                                                • ReleaseDC.USER32(00000000), ref: 00BDBD42
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CapsDeviceObjectRelease
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2638590286-0
                                                                                                                                                                                • Opcode ID: 70d7031d9d1c1079deabc4ed351332859fabea2ab4d67bf8792ed5a7598a35ea
                                                                                                                                                                                • Instruction ID: 502b988fc9ee672ead940df3b567e5cff91ab95d167d197a626e1a665cd2ca8b
                                                                                                                                                                                • Opcode Fuzzy Hash: 70d7031d9d1c1079deabc4ed351332859fabea2ab4d67bf8792ed5a7598a35ea
                                                                                                                                                                                • Instruction Fuzzy Hash: F65149B5A04349DFDB10DFA5C888BAEBBF8FF09311F11416AF955A7290E7349904CB60
                                                                                                                                                                                Function 00D91AE3 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetLastError.KERNEL32(?,?,00D91ADA,00D91AA6,?,?,00BFB0CD,00CDB340,?,00000008), ref: 00D91AF1
                                                                                                                                                                                • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00D91AFF
                                                                                                                                                                                • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00D91B18
                                                                                                                                                                                • SetLastError.KERNEL32(00000000,00D91ADA,00D91AA6,?,?,00BFB0CD,00CDB340,?,00000008), ref: 00D91B6A
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3852720340-0
                                                                                                                                                                                • Opcode ID: 9daa8f7eeb3b001dd45ab2506647e1478fa68b92350ca7786ae7ea6914a64b59
                                                                                                                                                                                • Instruction ID: 232aaa9a1b0d5e83f81dd74d31bf9cc61d93f983ffb019c8a8c74a2fc077d7e6
                                                                                                                                                                                • Opcode Fuzzy Hash: 9daa8f7eeb3b001dd45ab2506647e1478fa68b92350ca7786ae7ea6914a64b59
                                                                                                                                                                                • Instruction Fuzzy Hash: BE01473A20A3171EAF242BB6BCC59663749EB577787240329F620630E1FF515C096170
                                                                                                                                                                                Function 00D21120 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 244fileCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • _wcsrchr.LIBVCRUNTIME ref: 00D21154
                                                                                                                                                                                  • Part of subcall function 00BCAB90: GetProcessHeap.KERNEL32 ref: 00BCABE5
                                                                                                                                                                                  • Part of subcall function 00BCAB90: __Init_thread_footer.LIBCMT ref: 00BCAC17
                                                                                                                                                                                  • Part of subcall function 00BCAB90: __Init_thread_footer.LIBCMT ref: 00BCACA2
                                                                                                                                                                                • DeleteFileW.KERNEL32(?), ref: 00D211FA
                                                                                                                                                                                • DeleteFileW.KERNEL32(?,?,?), ref: 00D2132F
                                                                                                                                                                                  • Part of subcall function 00CDEFE0: CreateFileW.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000,3B919AFF,00000001,75A8EB20,00000000), ref: 00CDF02F
                                                                                                                                                                                  • Part of subcall function 00CDEFE0: ReadFile.KERNEL32(00000000,?,000003FF,?,00000000,?,80000000,00000003,00000000,00000003,00000080,00000000,3B919AFF,00000001,75A8EB20,00000000), ref: 00CDF065
                                                                                                                                                                                  • Part of subcall function 00CE0270: LoadStringW.USER32(000000CA,?,00000514,3B919AFF), ref: 00CE01D6
                                                                                                                                                                                • _wcsrchr.LIBVCRUNTIME ref: 00D21269
                                                                                                                                                                                Strings
                                                                                                                                                                                • --verbose --log-file="%s" --remove-pack-file "%s" "%s", xrefs: 00D211AE
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: File$DeleteInit_thread_footer_wcsrchr$CreateHeapLoadProcessReadString
                                                                                                                                                                                • String ID: --verbose --log-file="%s" --remove-pack-file "%s" "%s"
                                                                                                                                                                                • API String ID: 675357196-3685554107
                                                                                                                                                                                • Opcode ID: d99b2ee75b52bcfb88ebc3bdb753a24dcde118797133a35cd80123f744bfcc95
                                                                                                                                                                                • Instruction ID: ad2465de9d5becc232604c9b8e3f7273d053961b899efe3b28f904716456841f
                                                                                                                                                                                • Opcode Fuzzy Hash: d99b2ee75b52bcfb88ebc3bdb753a24dcde118797133a35cd80123f744bfcc95
                                                                                                                                                                                • Instruction Fuzzy Hash: AF91A131A00609DFDB00DF68C845B9EBBF5EF65314F188299E815DB2A2EB35DD04CBA1
                                                                                                                                                                                Function 00BF6760 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 182windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • CreateWindowExW.USER32(?,SysTabControl32,?,46010000,?,?,?,?,00000000,00000309,00000000), ref: 00BF685D
                                                                                                                                                                                • SendMessageW.USER32(00000000,00000031,00000000,00000000), ref: 00BF6872
                                                                                                                                                                                • SendMessageW.USER32(00000000,00000030,00000000,00000001), ref: 00BF687A
                                                                                                                                                                                  • Part of subcall function 00BCA850: RtlAllocateHeap.NTDLL(?,00000000,?,3B919AFF,00000000,00DB7F70,000000FF,?,?,00E9F01C,?,00D219F5,8000000B), ref: 00BCA89A
                                                                                                                                                                                  • Part of subcall function 00BF84B0: SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00BF84FC
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessageSend$AllocateCreateHeapWindow
                                                                                                                                                                                • String ID: SysTabControl32$TabHost
                                                                                                                                                                                • API String ID: 2359350451-2872506973
                                                                                                                                                                                • Opcode ID: f3b1490eaf792c8cd1d61d7da47639fc4957c51f36fdf2909bc472f67493db76
                                                                                                                                                                                • Instruction ID: da9a41b44d4c1df0d473581f16b485435ec89f9d8ae90ce4dffc2f086ebe744a
                                                                                                                                                                                • Opcode Fuzzy Hash: f3b1490eaf792c8cd1d61d7da47639fc4957c51f36fdf2909bc472f67493db76
                                                                                                                                                                                • Instruction Fuzzy Hash: 91518C71A00609AFDB10DF69C844FAABBF4FF49710F1042ADE915AB390DB75AD04CBA5
                                                                                                                                                                                Function 00BCF046 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 150libraryloaderCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadLibraryW.KERNEL32(?,?,?,?,?,.dll,?,00000000), ref: 00BCF08B
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,DllGetActivationFactory), ref: 00BCF0D4
                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,00000000,DllGetActivationFactory,00000002,00000000,?,?,?,?,?,.dll,?,00000000), ref: 00BCF122
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                • String ID: .dll$DllGetActivationFactory
                                                                                                                                                                                • API String ID: 145871493-1250754257
                                                                                                                                                                                • Opcode ID: a1bc056fe03abbe305206117d920e1b1b4a2d3dbaddc156795a320c79ba568db
                                                                                                                                                                                • Instruction ID: 7979a9c2fd7e5d8b337645158a2c19a40edb68c58456594df6d765b2a03d03ae
                                                                                                                                                                                • Opcode Fuzzy Hash: a1bc056fe03abbe305206117d920e1b1b4a2d3dbaddc156795a320c79ba568db
                                                                                                                                                                                • Instruction Fuzzy Hash: 6B514630D1020ADEDF15DFA8C895BEDBBF2EF58700F2481AEE411A7291DB745A49CB61
                                                                                                                                                                                Function 00BE34C0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 113timeCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • InitializeCriticalSection.KERNEL32(3B919AFF,3B919AFF,?), ref: 00BE34FF
                                                                                                                                                                                • EnterCriticalSection.KERNEL32(?,3B919AFF,?), ref: 00BE350C
                                                                                                                                                                                • KillTimer.USER32(?,00000001), ref: 00BE3554
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?,?,00000000,?), ref: 00BE35E3
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalSection$EnterInitializeKillLeaveTimer
                                                                                                                                                                                • String ID: v
                                                                                                                                                                                • API String ID: 3614119372-3261393531
                                                                                                                                                                                • Opcode ID: d7db56d4767a676b1f23b034ff448479363dd80a817842d9eec0eb950dcc9538
                                                                                                                                                                                • Instruction ID: efcc14d669b7341f7fe337cb1a966537ed2a07d5f850cc133de9b597344d1afe
                                                                                                                                                                                • Opcode Fuzzy Hash: d7db56d4767a676b1f23b034ff448479363dd80a817842d9eec0eb950dcc9538
                                                                                                                                                                                • Instruction Fuzzy Hash: 6E4115302047858FDB21CF39C844BAABBF1EF59710F1045A9E996D7391CB31EA19DBA0
                                                                                                                                                                                Function 00CBB9E0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 57windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00CBBEF0: __Init_thread_footer.LIBCMT ref: 00CBBF80
                                                                                                                                                                                  • Part of subcall function 00CBBEF0: GetProcAddress.KERNEL32(SetWindowTheme), ref: 00CBBFBD
                                                                                                                                                                                  • Part of subcall function 00CBBEF0: __Init_thread_footer.LIBCMT ref: 00CBBFD4
                                                                                                                                                                                  • Part of subcall function 00CBBEF0: SendMessageW.USER32(000000EF,00001036,00010000,00010000), ref: 00CBBFFF
                                                                                                                                                                                • CreateWindowExW.USER32(80000000,SysListView32,?,00000000,00000000,80000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00CBBA32
                                                                                                                                                                                • SendMessageW.USER32(00000000,00000031,00000000,00000000), ref: 00CBBA50
                                                                                                                                                                                • SendMessageW.USER32(00000000,00000030,00000000,00000001), ref: 00CBBA58
                                                                                                                                                                                  • Part of subcall function 00BD72B0: SetWindowLongW.USER32(?,000000FC,00000000), ref: 00BD72E6
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessageSend$Init_thread_footerWindow$AddressCreateLongProc
                                                                                                                                                                                • String ID: SysListView32$K
                                                                                                                                                                                • API String ID: 605634508-2788021393
                                                                                                                                                                                • Opcode ID: 7445432ebcefd0278febe3101c8edfb81adc52ad32c4d360333f81a4f793207b
                                                                                                                                                                                • Instruction ID: 42b7df30f1e6ff6bae0b06105bfb91526f8183e88d69e59f56b9c3602eaf6bc0
                                                                                                                                                                                • Opcode Fuzzy Hash: 7445432ebcefd0278febe3101c8edfb81adc52ad32c4d360333f81a4f793207b
                                                                                                                                                                                • Instruction Fuzzy Hash: C3115A31304250AFD6209B168C05F9BFBAAEFCA750F014619FA44AB2A1C7B1BD00CAA1
                                                                                                                                                                                Function 00D9B5F9 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,3B919AFF,?,?,00000000,00E15D89,000000FF,?,00D9B589,?,?,00D9B55D,?), ref: 00D9B62E
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00D9B640
                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,00000000,00E15D89,000000FF,?,00D9B589,?,?,00D9B55D,?), ref: 00D9B662
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                • API String ID: 4061214504-1276376045
                                                                                                                                                                                • Opcode ID: a2d7c9d5af039a1c33e7fcc9c01e7a2e0662d6c7a0d54094207e9b6a6efaa203
                                                                                                                                                                                • Instruction ID: d6a862a83422faf9296aaa8ad529acf98dc3cf59a099d27ae3710a9287eb4c87
                                                                                                                                                                                • Opcode Fuzzy Hash: a2d7c9d5af039a1c33e7fcc9c01e7a2e0662d6c7a0d54094207e9b6a6efaa203
                                                                                                                                                                                • Instruction Fuzzy Hash: 2B01A731940619EFDB018F51DD09BEEB7B8FB48721F044626E811B22E0DBB49944CB94
                                                                                                                                                                                Function 00CE5640 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 39libraryloaderCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00D90372: EnterCriticalSection.KERNEL32(00EA7DCC,?,?,?,00BCAC36,00EA89FC,3B919AFF,?,?,00DB84ED,000000FF,?,00D21851,3B919AFF,?,?), ref: 00D9037D
                                                                                                                                                                                  • Part of subcall function 00D90372: LeaveCriticalSection.KERNEL32(00EA7DCC,?,00BCAC36,00EA89FC,3B919AFF,?,?,00DB84ED,000000FF,?,00D21851,3B919AFF,?,?,00000000,?), ref: 00D903BA
                                                                                                                                                                                • LoadLibraryA.KERNEL32(Dbghelp.dll,SymFromAddr), ref: 00CE569E
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 00CE56A5
                                                                                                                                                                                • __Init_thread_footer.LIBCMT ref: 00CE56BC
                                                                                                                                                                                  • Part of subcall function 00D90328: EnterCriticalSection.KERNEL32(00EA7DCC,?,?,00BCACA7,00EA89FC,00E15FA0), ref: 00D90332
                                                                                                                                                                                  • Part of subcall function 00D90328: LeaveCriticalSection.KERNEL32(00EA7DCC,?,00BCACA7,00EA89FC,00E15FA0), ref: 00D90365
                                                                                                                                                                                  • Part of subcall function 00D90328: RtlWakeAllConditionVariable.NTDLL ref: 00D903DC
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalSection$EnterLeave$AddressConditionInit_thread_footerLibraryLoadProcVariableWake
                                                                                                                                                                                • String ID: Dbghelp.dll$SymFromAddr
                                                                                                                                                                                • API String ID: 3268644551-642441706
                                                                                                                                                                                • Opcode ID: fcb8db1662d1ca6a715b31011760f186c632b845691515bf1efe4249738f91e1
                                                                                                                                                                                • Instruction ID: 09d01907bfa48a2e21bfa435cfe971b0dec005a04f5c81b230a52614c0828c53
                                                                                                                                                                                • Opcode Fuzzy Hash: fcb8db1662d1ca6a715b31011760f186c632b845691515bf1efe4249738f91e1
                                                                                                                                                                                • Instruction Fuzzy Hash: F7015AB2A40748EFC710CF59ED45B45B7A4E70E721F208669EA26A73D0D775B904CB21
                                                                                                                                                                                Function 00D903FA Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 25COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • SleepConditionVariableCS.KERNELBASE(?,00D90397,00000064), ref: 00D9041D
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(00EA7DCC,?,?,00D90397,00000064,?,00BCAC36,00EA89FC,3B919AFF,?,?,00DB84ED,000000FF,?,00D21851,3B919AFF), ref: 00D90427
                                                                                                                                                                                • WaitForSingleObjectEx.KERNEL32(?,00000000,?,00D90397,00000064,?,00BCAC36,00EA89FC,3B919AFF,?,?,00DB84ED,000000FF,?,00D21851,3B919AFF), ref: 00D90438
                                                                                                                                                                                • EnterCriticalSection.KERNEL32(00EA7DCC,?,00D90397,00000064,?,00BCAC36,00EA89FC,3B919AFF,?,?,00DB84ED,000000FF,?,00D21851,3B919AFF,?), ref: 00D9043F
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
                                                                                                                                                                                • String ID: v
                                                                                                                                                                                • API String ID: 3269011525-3261393531
                                                                                                                                                                                • Opcode ID: 497c16de4f735e54c39d9c29a25e3ccf613fd30f9a133fc15ad6e0d1b8324d8a
                                                                                                                                                                                • Instruction ID: 39f4df9d215d08a14d4adf18c3888ba945a8523a35533f330367dca292bab4e0
                                                                                                                                                                                • Opcode Fuzzy Hash: 497c16de4f735e54c39d9c29a25e3ccf613fd30f9a133fc15ad6e0d1b8324d8a
                                                                                                                                                                                • Instruction Fuzzy Hash: 5EE09232644628AFCF026FA2ED089E93E28DF0F751B004010F64D76170CA7129089BE5
                                                                                                                                                                                Function 00BE2F70 Relevance: 7.7, APIs: 5, Instructions: 237windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetDC.USER32(00000001), ref: 00BE2FE2
                                                                                                                                                                                • GetParent.USER32(00000001), ref: 00BE300D
                                                                                                                                                                                • SendMessageW.USER32(00000000,00000138,?,00000001), ref: 00BE301D
                                                                                                                                                                                • FillRect.USER32(?,?,00000000), ref: 00BE302B
                                                                                                                                                                                • ReleaseDC.USER32(00000001,00000000), ref: 00BE3201
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FillMessageParentRectReleaseSend
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2215362955-0
                                                                                                                                                                                • Opcode ID: 15b74f658aa3b783a80463516586d21614c1d3e1aaf1f148b470331612a0325a
                                                                                                                                                                                • Instruction ID: 3982d8e0b1e77cda6d5eeb69f4964fc6787314f8369b77d4b1ea3e044c59da39
                                                                                                                                                                                • Opcode Fuzzy Hash: 15b74f658aa3b783a80463516586d21614c1d3e1aaf1f148b470331612a0325a
                                                                                                                                                                                • Instruction Fuzzy Hash: 0F9149B1A04649EFDB15CFAACD48BAEBBF9FF08700F144169E905E7250DB31A915CB90
                                                                                                                                                                                Function 00CBCD60 Relevance: 7.7, APIs: 5, Instructions: 151windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetWindowDC.USER32(?,3B919AFF,?,?,00000000,?,?,?,?,?,?,?,?,00000000,00DF2B2D,000000FF), ref: 00CBCD90
                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00CBCDB0
                                                                                                                                                                                • IsWindowEnabled.USER32(?), ref: 00CBCDE1
                                                                                                                                                                                • GetFocus.USER32 ref: 00CBCDEF
                                                                                                                                                                                • DeleteDC.GDI32(?), ref: 00CBCF05
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Window$DeleteEnabledFocusRect
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 733580484-0
                                                                                                                                                                                • Opcode ID: d437baef6a81c16aab4cccf0e23776fcabfc39f35518a3aa3ff131cae868fb53
                                                                                                                                                                                • Instruction ID: 266ea8f8cbfbf82871d2fa8fed9515a7ca2cdb769bf43c6da5e2262268a3cec6
                                                                                                                                                                                • Opcode Fuzzy Hash: d437baef6a81c16aab4cccf0e23776fcabfc39f35518a3aa3ff131cae868fb53
                                                                                                                                                                                • Instruction Fuzzy Hash: 4A512771A04649EFDB21DFA8DD88BEEBBF8EF09300F144159E856B7290D771A944CB24
                                                                                                                                                                                Function 00BD6140 Relevance: 7.6, APIs: 5, Instructions: 125windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ItemMessageSendWindow
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 799199299-0
                                                                                                                                                                                • Opcode ID: 0d7a2c8e101736eb4c0f464d9841ca1c269e4defa7e6929622ced36c613f1853
                                                                                                                                                                                • Instruction ID: 771a8d6f387f480bbe0e4b39707264263ee3b46bb0a34fe4978aaef99ce5d45c
                                                                                                                                                                                • Opcode Fuzzy Hash: 0d7a2c8e101736eb4c0f464d9841ca1c269e4defa7e6929622ced36c613f1853
                                                                                                                                                                                • Instruction Fuzzy Hash: C741CF323016059FC714CF59D894A66F7E9FB88311F0488AFE586C7261E732E855DB60
                                                                                                                                                                                Function 00CBCF30 Relevance: 7.6, APIs: 5, Instructions: 124windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 00CBCF8E
                                                                                                                                                                                  • Part of subcall function 00BCAB90: GetProcessHeap.KERNEL32 ref: 00BCABE5
                                                                                                                                                                                  • Part of subcall function 00BCAB90: __Init_thread_footer.LIBCMT ref: 00BCAC17
                                                                                                                                                                                  • Part of subcall function 00BCAB90: __Init_thread_footer.LIBCMT ref: 00BCACA2
                                                                                                                                                                                  • Part of subcall function 00BE0EF0: GetWindowTextLengthW.USER32(?), ref: 00BE0EF7
                                                                                                                                                                                • IsWindowEnabled.USER32(?), ref: 00CBCFC4
                                                                                                                                                                                • GetFocus.USER32 ref: 00CBCFD4
                                                                                                                                                                                • GetDC.USER32(?), ref: 00CBD004
                                                                                                                                                                                  • Part of subcall function 00CE2500: SelectObject.GDI32(?,?), ref: 00CE2563
                                                                                                                                                                                  • Part of subcall function 00CE2500: SetTextColor.GDI32(?,?), ref: 00CE25AF
                                                                                                                                                                                  • Part of subcall function 00CE2500: DrawTextW.USER32(?,?,?,?,00000024), ref: 00CE25CD
                                                                                                                                                                                  • Part of subcall function 00CE2500: SelectObject.GDI32(?,?), ref: 00CE25D9
                                                                                                                                                                                • CallWindowProcW.USER32(?,?,?,?,?), ref: 00CBD033
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: TextWindow$Init_thread_footerObjectSelect$CallClientColorDrawEnabledFocusHeapLengthProcProcessRect
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1398943273-0
                                                                                                                                                                                • Opcode ID: d5a98965ee9ffc3d7b74d71a8a68386ef711e5762d78f6fbf13327d61af584ab
                                                                                                                                                                                • Instruction ID: 73ba1f8015b251df39276f8f95043f8f72316ab4cc7d73c6ee780789c5f31664
                                                                                                                                                                                • Opcode Fuzzy Hash: d5a98965ee9ffc3d7b74d71a8a68386ef711e5762d78f6fbf13327d61af584ab
                                                                                                                                                                                • Instruction Fuzzy Hash: 88413D71904109DFDB01EF65DD84BEABBF4FF08310F148169E816AB2A1EB35AD45CB60
                                                                                                                                                                                Function 00CD6B50 Relevance: 7.6, APIs: 5, Instructions: 122COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 00CD6B84
                                                                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 00CD6BA6
                                                                                                                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 00CD6BCE
                                                                                                                                                                                • std::_Facet_Register.LIBCPMT ref: 00CD6CB7
                                                                                                                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 00CD6CE1
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 459529453-0
                                                                                                                                                                                • Opcode ID: d59693ed50b3bde5dc3b643978bf6b32ee87598308fda3e0863fbe3cc13310a8
                                                                                                                                                                                • Instruction ID: 2af3554c79c2d0e729a5470602e5671afb5cfc0e0b747d29c68781c51b7833b3
                                                                                                                                                                                • Opcode Fuzzy Hash: d59693ed50b3bde5dc3b643978bf6b32ee87598308fda3e0863fbe3cc13310a8
                                                                                                                                                                                • Instruction Fuzzy Hash: 0251E0B0900218DFDB21DF58C884BAEBBB0EB55314F24815EE991AB3C1D775AE45CBA0
                                                                                                                                                                                Function 00BEF1C0 Relevance: 7.6, APIs: 5, Instructions: 109windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • SetFocus.USER32(00000000,?,?), ref: 00BEF238
                                                                                                                                                                                • SendMessageW.USER32(?,00001012,00000000,?), ref: 00BEF280
                                                                                                                                                                                • SendMessageW.USER32(?,0000102C,000000FF,0000F000), ref: 00BEF29C
                                                                                                                                                                                • SendMessageW.USER32(?,0000102B,000000FF,?), ref: 00BEF2CE
                                                                                                                                                                                • SetFocus.USER32(00000000,?,?), ref: 00BEF2E1
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessageSend$Focus
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3982298024-0
                                                                                                                                                                                • Opcode ID: 22c96fd514112545990f338afb46bacd21045420c5109726b9fbd57a38f149a3
                                                                                                                                                                                • Instruction ID: b32a949869b0a28f66a273a5d5586d1194c2e63db648846aa30bc3aca214bf5e
                                                                                                                                                                                • Opcode Fuzzy Hash: 22c96fd514112545990f338afb46bacd21045420c5109726b9fbd57a38f149a3
                                                                                                                                                                                • Instruction Fuzzy Hash: 79418C74D00649DFDB10CF69CC84AAABBF4FF49710F208269E965977A0DB30A904CF40
                                                                                                                                                                                Function 00BF3C80 Relevance: 7.6, APIs: 5, Instructions: 107windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • SendMessageW.USER32(?,000000C5,?,00000000), ref: 00BF3CCB
                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 00BF3CFD
                                                                                                                                                                                • GetDC.USER32(?), ref: 00BF3D10
                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000), ref: 00BF3D17
                                                                                                                                                                                • GetObjectW.GDI32(00000000,0000005C,?), ref: 00BF3D46
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CapsClientDeviceMessageObjectRectSend
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 4027903330-0
                                                                                                                                                                                • Opcode ID: 0cf04c10394c937276e8694daa79161b7df06b405ee29f51ad8c1eff6db901ba
                                                                                                                                                                                • Instruction ID: 338f3f7cfcc8adab81a6e99d7bb974c739d2f0aecc42b2f5c8509aa6f236136d
                                                                                                                                                                                • Opcode Fuzzy Hash: 0cf04c10394c937276e8694daa79161b7df06b405ee29f51ad8c1eff6db901ba
                                                                                                                                                                                • Instruction Fuzzy Hash: 414190316043049FD721DB39CC46F9AB7E8FF89300F004A29F585E71A1EB71A948CB91
                                                                                                                                                                                Function 00BD0240 Relevance: 7.6, APIs: 5, Instructions: 60memorywindowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00BD028A
                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 00BD0290
                                                                                                                                                                                • FormatMessageW.KERNEL32(00001300,00000000,?,00000400,00000000,00000000,00000000), ref: 00BD02B3
                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,00DB9B16,000000FF), ref: 00BD02DB
                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000,00000000,?,?,?,00DB9B16,000000FF), ref: 00BD02E1
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Heap$FreeProcess$FormatMessage
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1606019998-0
                                                                                                                                                                                • Opcode ID: 45a52997936fb8c061ec28a04c0e141819d35f7f65686bfa68918bef1cee57a0
                                                                                                                                                                                • Instruction ID: f19c99092d7ef1af99c3ffcef26e21a539e64653b03ddb9e45d9875bdd3a3827
                                                                                                                                                                                • Opcode Fuzzy Hash: 45a52997936fb8c061ec28a04c0e141819d35f7f65686bfa68918bef1cee57a0
                                                                                                                                                                                • Instruction Fuzzy Hash: 9A1163B0A54219EBEB10EF94DC06FAFB7B8EB04704F10055AF514A72C1D7B5A6048BB1
                                                                                                                                                                                Function 00BE79F0 Relevance: 7.6, APIs: 5, Instructions: 58windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00BE79FB
                                                                                                                                                                                • SendMessageW.USER32(?,?,?,0000102B), ref: 00BE7A58
                                                                                                                                                                                • SendMessageW.USER32(?,?,?,0000102B), ref: 00BE7AA7
                                                                                                                                                                                • SendMessageW.USER32(?,00001043,00000000,00000000), ref: 00BE7AB8
                                                                                                                                                                                • SendMessageW.USER32(?,00001013,00000000,00000000), ref: 00BE7AC5
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessageSend$LongWindow
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 312131281-0
                                                                                                                                                                                • Opcode ID: 92421526fc6ff9d45fcdf9ae7a408fd724ef5c9077bb30362a2488c48b39d8f5
                                                                                                                                                                                • Instruction ID: 911001b67157d36ba5548ece6a6677ba05cb092a8fe1456659fbe7ef8c29d9c1
                                                                                                                                                                                • Opcode Fuzzy Hash: 92421526fc6ff9d45fcdf9ae7a408fd724ef5c9077bb30362a2488c48b39d8f5
                                                                                                                                                                                • Instruction Fuzzy Hash: D6215431958346AAD220DF11CD44B1ABBF1FFEE758F206B1DF1D0211A4E7F191848E86
                                                                                                                                                                                Function 00BF3A00 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 314windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • CreateWindowExW.USER32(?,RichEdit20W,?,?,?,?,?,?,00000000,00000000,00000000), ref: 00BF3BAC
                                                                                                                                                                                • SendMessageW.USER32(00000000,00000031,00000000,00000000), ref: 00BF3BC1
                                                                                                                                                                                • SendMessageW.USER32(00000000,00000030,00000000,00000001), ref: 00BF3BC9
                                                                                                                                                                                  • Part of subcall function 00BCA850: RtlAllocateHeap.NTDLL(?,00000000,?,3B919AFF,00000000,00DB7F70,000000FF,?,?,00E9F01C,?,00D219F5,8000000B), ref: 00BCA89A
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessageSend$AllocateCreateHeapWindow
                                                                                                                                                                                • String ID: RichEdit20W
                                                                                                                                                                                • API String ID: 2359350451-4173859555
                                                                                                                                                                                • Opcode ID: 3b0be09a4ce8f21b8c846e7d61afaa82b351ea6a27de709e314131c892649966
                                                                                                                                                                                • Instruction ID: ced54b8b1122604508d809db161580761e63d9779ae19c8298449cc0a7577a39
                                                                                                                                                                                • Opcode Fuzzy Hash: 3b0be09a4ce8f21b8c846e7d61afaa82b351ea6a27de709e314131c892649966
                                                                                                                                                                                • Instruction Fuzzy Hash: C1B19D71A002099FDB14CFA9C984BEEBBF5FF49710F1441ADE945AB2A1DB71AD04CB60
                                                                                                                                                                                Function 00BD3AB0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 231windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • CreateWindowExW.USER32(00000000,AtlAxWin140,?,?,?,80000000,00000000,00000000,?,00000000,00000000), ref: 00BD3B26
                                                                                                                                                                                • SendMessageW.USER32(?,00000000,00000000), ref: 00BD3C22
                                                                                                                                                                                  • Part of subcall function 00BD5580: SysFreeString.OLEAUT32(00000000), ref: 00BD5623
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CreateFreeMessageSendStringWindow
                                                                                                                                                                                • String ID: AtlAxWin140$K
                                                                                                                                                                                • API String ID: 4045344427-841691727
                                                                                                                                                                                • Opcode ID: a3e6619bad8c0142939bb89b30504bf3931224c56cd52b1f701f7b2fea751429
                                                                                                                                                                                • Instruction ID: a453798d864d9d57a632fddace6a79e858971eaf6a683aaa0bf6201258246068
                                                                                                                                                                                • Opcode Fuzzy Hash: a3e6619bad8c0142939bb89b30504bf3931224c56cd52b1f701f7b2fea751429
                                                                                                                                                                                • Instruction Fuzzy Hash: D5913474600205EFDB14CF68C888B5ABBF9FF49720F148599F819AB391DB71EA05CB50
                                                                                                                                                                                Function 00BEDFE0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 226windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00BCA850: RtlAllocateHeap.NTDLL(?,00000000,?,3B919AFF,00000000,00DB7F70,000000FF,?,?,00E9F01C,?,00D219F5,8000000B), ref: 00BCA89A
                                                                                                                                                                                  • Part of subcall function 00CBBAD0: SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000037,?,?,?,000000EF,?,00BE6FC8,00000000,80004005), ref: 00CBBB38
                                                                                                                                                                                  • Part of subcall function 00CBBAD0: RedrawWindow.USER32(?,00000000,00000000,00000541,?,?,?,000000EF,?,00BE6FC8,00000000,80004005), ref: 00CBBB49
                                                                                                                                                                                  • Part of subcall function 00CBBAD0: SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00CBBB68
                                                                                                                                                                                • SendMessageW.USER32(?,00001036,00000004,00000004), ref: 00BEE19D
                                                                                                                                                                                • SendMessageW.USER32(?,00001036,00000400,00000400), ref: 00BEE1B4
                                                                                                                                                                                • SendMessageW.USER32(?,00001061,00000000,?), ref: 00BEE210
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessageSend$Window$AllocateHeapRedraw
                                                                                                                                                                                • String ID: QuickSelectionList
                                                                                                                                                                                • API String ID: 884508843-3633591268
                                                                                                                                                                                • Opcode ID: 6472a3d0593a66b6d630e09e48692dd97e48946b4cd7a8359dfc9e45d15db727
                                                                                                                                                                                • Instruction ID: b0302c4698d7bb4f51882f64ba152bfac187533f567f1ae498ba96e062e6653e
                                                                                                                                                                                • Opcode Fuzzy Hash: 6472a3d0593a66b6d630e09e48692dd97e48946b4cd7a8359dfc9e45d15db727
                                                                                                                                                                                • Instruction Fuzzy Hash: 6F81BC71A002099FDB14DF69C885BEAF7F4FF88324F144259E525A7291DB75AD04CBA0
                                                                                                                                                                                Function 00D206E0 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 167synchronizationCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF,3B919AFF), ref: 00D20714
                                                                                                                                                                                  • Part of subcall function 00CC6270: MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,00000000,00000000,?,00000000,?,00000000,00DC225D,000000FF,?,80004005,?,?), ref: 00CC6288
                                                                                                                                                                                  • Part of subcall function 00CC6270: MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,?,-00000001,?,80004005,?,?,?,00000000,00DF48ED,000000FF,?,00CC4B55), ref: 00CC62BA
                                                                                                                                                                                  • Part of subcall function 00BCA850: RtlAllocateHeap.NTDLL(?,00000000,?,3B919AFF,00000000,00DB7F70,000000FF,?,?,00E9F01C,?,00D219F5,8000000B), ref: 00BCA89A
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ByteCharMultiWide$AllocateHeapObjectSingleWait
                                                                                                                                                                                • String ID: *.*$.jar$.pack
                                                                                                                                                                                • API String ID: 2019434529-3892993289
                                                                                                                                                                                • Opcode ID: c970dab1343f644f41e3593c5841592d58b4068918c7ab89f0ff04a4a2d8c3ed
                                                                                                                                                                                • Instruction ID: 14716338f513eaa8991325b8521650a7541ea17c4a0fe8c41c9d913bc6d6c64c
                                                                                                                                                                                • Opcode Fuzzy Hash: c970dab1343f644f41e3593c5841592d58b4068918c7ab89f0ff04a4a2d8c3ed
                                                                                                                                                                                • Instruction Fuzzy Hash: E9517270A0161ADFDB10DFA9D944BAEFBB4FF54318F144269E425A7292D734E904CFA0
                                                                                                                                                                                Function 00BD0610 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 78libraryloaderCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadLibraryW.KERNEL32(combase.dll,RoOriginateLanguageException), ref: 00BD0652
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,combase.dll), ref: 00BD0658
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AddressLibraryLoadProc
                                                                                                                                                                                • String ID: RoOriginateLanguageException$combase.dll
                                                                                                                                                                                • API String ID: 2574300362-3996158991
                                                                                                                                                                                • Opcode ID: 4432b0c190ef80a0860b2233a43f23a8ed37692bf66c3c2e982eceec3d073db7
                                                                                                                                                                                • Instruction ID: 2a994f37459f3364a85356448ab6c17ffd78fc8b4dc9f65f1e9640f73c17c2df
                                                                                                                                                                                • Opcode Fuzzy Hash: 4432b0c190ef80a0860b2233a43f23a8ed37692bf66c3c2e982eceec3d073db7
                                                                                                                                                                                • Instruction Fuzzy Hash: 24313071914209DFDB10EF64DD45BEEB7F4FB44314F10866AE825A72D0EBB49A04CBA1
                                                                                                                                                                                Function 00D13E80 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,?,00D11BDA,?,3B919AFF,?,?,?,?,00E02455,000000FF), ref: 00D13E8D
                                                                                                                                                                                • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,00D11BDA,?,3B919AFF,?,?,?,?,00E02455,000000FF,?), ref: 00D13EAE
                                                                                                                                                                                • GetLastError.KERNEL32(?,3B919AFF,?,?,?,?,00E02455,000000FF,?,00D1150D,?,?,00000000,?,?), ref: 00D13F0E
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CreateEvent$ErrorLast
                                                                                                                                                                                • String ID: AdvancedInstaller
                                                                                                                                                                                • API String ID: 1131763895-1372594473
                                                                                                                                                                                • Opcode ID: 2096829774b6a81acab0ea717db59231666d7c46cd48ecafe1fdfb4933eab2e1
                                                                                                                                                                                • Instruction ID: 479ab74fd9411b43906d25aa21e291061656fc411e9f61cccfadafb57a0d7e6f
                                                                                                                                                                                • Opcode Fuzzy Hash: 2096829774b6a81acab0ea717db59231666d7c46cd48ecafe1fdfb4933eab2e1
                                                                                                                                                                                • Instruction Fuzzy Hash: 03118E71740702BFE720CF25DD89F96BBA4BB88704F208525F50597280CB71F955CBA0
                                                                                                                                                                                Function 00BD8CF0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 55threadCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • EnterCriticalSection.KERNEL32(00EAE7BC), ref: 00BD8D2C
                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 00BD8D40
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(00EAE7BC), ref: 00BD8D7F
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalSection$CurrentEnterLeaveThread
                                                                                                                                                                                • String ID: v
                                                                                                                                                                                • API String ID: 2351996187-3261393531
                                                                                                                                                                                • Opcode ID: ac43d5e5581de3e6022d35c9e3e703785a8125b403f108b1489898c1a1aeb375
                                                                                                                                                                                • Instruction ID: 25e0d6388ebf6fa91a5f92eafd53b97804b84c76a2d01d963f0e38e0eaf40d4f
                                                                                                                                                                                • Opcode Fuzzy Hash: ac43d5e5581de3e6022d35c9e3e703785a8125b403f108b1489898c1a1aeb375
                                                                                                                                                                                • Instruction Fuzzy Hash: EE11E631904718CFCB20CF15C80475AFBE5EB59B11F1082AFE862A73D0EB7068048B90
                                                                                                                                                                                Function 00D8DAC5 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 50threadCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Cnd_broadcastCurrentMtx_unlockThread
                                                                                                                                                                                • String ID: x
                                                                                                                                                                                • API String ID: 2021000804-2985756205
                                                                                                                                                                                • Opcode ID: 27102765cae123c3cbb0a351574a9748145c65026755c81692eab1ad7865a86f
                                                                                                                                                                                • Instruction ID: 9c549b5c5e7ea73ced1807660b68fb53e7ec75efc3f57ec1ff1e2d715a3d0eaf
                                                                                                                                                                                • Opcode Fuzzy Hash: 27102765cae123c3cbb0a351574a9748145c65026755c81692eab1ad7865a86f
                                                                                                                                                                                • Instruction Fuzzy Hash: DC01BC356007029FDB29BF65C851AAAB3BAEF50361F250439E55AAB2C0D771FC00DBB0
                                                                                                                                                                                Function 00D94C0C Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadLibraryExW.KERNEL32(?,00000000,00000800,?,00D94BBD,?,?,00000000,?,?,?,00D94CE7,00000002,FlsGetValue,00E19F08,FlsGetValue), ref: 00D94C19
                                                                                                                                                                                • GetLastError.KERNEL32(?,00D94BBD,?,?,00000000,?,?,?,00D94CE7,00000002,FlsGetValue,00E19F08,FlsGetValue,?,?,00D91B04), ref: 00D94C23
                                                                                                                                                                                • LoadLibraryExW.KERNEL32(?,00000000,00000000), ref: 00D94C4B
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                • String ID: api-ms-
                                                                                                                                                                                • API String ID: 3177248105-2084034818
                                                                                                                                                                                • Opcode ID: 83d9c6bcc423903c92e9bf1075333045c6d97d311252dd55372f427690bbf227
                                                                                                                                                                                • Instruction ID: 38c312a2e152f5d62f8147d612136fc4f3a63037c0e6e0d69c4b9c82766d8728
                                                                                                                                                                                • Opcode Fuzzy Hash: 83d9c6bcc423903c92e9bf1075333045c6d97d311252dd55372f427690bbf227
                                                                                                                                                                                • Instruction Fuzzy Hash: 4CE04830244308BFFF101F91ED06FDD3B55AB00B95F148020FA1CB40F5EB71A9599655
                                                                                                                                                                                Function 00BE6E30 Relevance: 6.3, APIs: 4, Instructions: 321windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • SendMessageW.USER32(?,00001037,00000000,00000000), ref: 00BE6F78
                                                                                                                                                                                • SendMessageW.USER32(?,00001036,00000000,00000000), ref: 00BE6F8D
                                                                                                                                                                                  • Part of subcall function 00BCA850: RtlAllocateHeap.NTDLL(?,00000000,?,3B919AFF,00000000,00DB7F70,000000FF,?,?,00E9F01C,?,00D219F5,8000000B), ref: 00BCA89A
                                                                                                                                                                                  • Part of subcall function 00CBBAD0: SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000037,?,?,?,000000EF,?,00BE6FC8,00000000,80004005), ref: 00CBBB38
                                                                                                                                                                                  • Part of subcall function 00CBBAD0: RedrawWindow.USER32(?,00000000,00000000,00000541,?,?,?,000000EF,?,00BE6FC8,00000000,80004005), ref: 00CBBB49
                                                                                                                                                                                  • Part of subcall function 00CBBAD0: SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00CBBB68
                                                                                                                                                                                • SendMessageW.USER32(?,0000101C,00000000,00000000), ref: 00BE70C3
                                                                                                                                                                                • SendMessageW.USER32(?,00001061,00000000,00000005), ref: 00BE71BF
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessageSend$Window$AllocateHeapRedraw
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 884508843-0
                                                                                                                                                                                • Opcode ID: 8dccafc61d3d8d72eb374e90dd24ad3601d10a86884e82dc045687df81f6e9d7
                                                                                                                                                                                • Instruction ID: 5d07046b043a267526d8f4c5a1c710c576593fed6ce7608c77b1e3d5f177a53e
                                                                                                                                                                                • Opcode Fuzzy Hash: 8dccafc61d3d8d72eb374e90dd24ad3601d10a86884e82dc045687df81f6e9d7
                                                                                                                                                                                • Instruction Fuzzy Hash: FAC1AC71A00249DFDB18DFA9C885BEEFBF5FF48314F104259E415AB290DBB5A944CBA0
                                                                                                                                                                                Function 00BD5390 Relevance: 6.3, APIs: 4, Instructions: 269memoryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • SysAllocStringLen.OLEAUT32(00000000,?), ref: 00BD545A
                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 00BD54A6
                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 00BD54C8
                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 00BD5623
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: String$Free$Alloc
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 986138563-0
                                                                                                                                                                                • Opcode ID: a6ce9ec2338e02aef1a995265c29207816b31a8d3567060c1f34f6f7f5ff5ebd
                                                                                                                                                                                • Instruction ID: 6e4c6471fa2317cd32a0d106819de939278448fa3da34b9ec1f5c7cfd12e9f96
                                                                                                                                                                                • Opcode Fuzzy Hash: a6ce9ec2338e02aef1a995265c29207816b31a8d3567060c1f34f6f7f5ff5ebd
                                                                                                                                                                                • Instruction Fuzzy Hash: ACA18071A0060AEFDB25DF98CC85BAEB7F8EF44714F10415AE515E7380E774AA05CB61
                                                                                                                                                                                Function 00BF0570 Relevance: 6.2, APIs: 4, Instructions: 246windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • SendMessageW.USER32(00000001,0000110A,00000004,?), ref: 00BF0645
                                                                                                                                                                                • SendMessageW.USER32(00000001,0000110A,00000001,00000000), ref: 00BF0677
                                                                                                                                                                                • SendMessageW.USER32(?,0000110A,00000004,?), ref: 00BF07EE
                                                                                                                                                                                • SendMessageW.USER32(?,0000110A,00000001,00000000), ref: 00BF0816
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3850602802-0
                                                                                                                                                                                • Opcode ID: 392d097ccd03c4e748ee40d4b5fe955e7aa9f1775fa3dce79abc798ba1a901a7
                                                                                                                                                                                • Instruction ID: 033a925960bf6187de9547e935ab6e24d5d00d9a31df172276b94ad644dcb5b6
                                                                                                                                                                                • Opcode Fuzzy Hash: 392d097ccd03c4e748ee40d4b5fe955e7aa9f1775fa3dce79abc798ba1a901a7
                                                                                                                                                                                • Instruction Fuzzy Hash: DE916171A11209EFCB15EF68D880AEEB7F5FF49310F0445A9E501A76A2D770AD49CF90
                                                                                                                                                                                Function 00BDDDF0 Relevance: 6.2, APIs: 4, Instructions: 166memoryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00BDDF28
                                                                                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 00BDDF3B
                                                                                                                                                                                • VariantClear.OLEAUT32(00000000), ref: 00BDDF5D
                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00BDDF8E
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ClearVariant$AllocString
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2502263055-0
                                                                                                                                                                                • Opcode ID: d51875a1458c375a754bfd447634fbd3b8300129dd67946ba089c372776fe4a3
                                                                                                                                                                                • Instruction ID: 43635a7776b98636f6e489e533c70a588105f31960759e668e770227567c49c1
                                                                                                                                                                                • Opcode Fuzzy Hash: d51875a1458c375a754bfd447634fbd3b8300129dd67946ba089c372776fe4a3
                                                                                                                                                                                • Instruction Fuzzy Hash: 5F5171B5A002199FDB20CF64CC40B9AF7F4EF48714F1085AAEA59EB341E735A9858F94
                                                                                                                                                                                Function 00BE0680 Relevance: 6.1, APIs: 4, Instructions: 101windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 00BE06D9
                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00BE070D
                                                                                                                                                                                • SendMessageW.USER32(?,00000317,00000000,00000006), ref: 00BE0739
                                                                                                                                                                                • SendMessageW.USER32(?,00000318,?,00000006), ref: 00BE0797
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessageSend$ClientErrorLastRect
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2591167063-0
                                                                                                                                                                                • Opcode ID: 79ee3c50ed0e335e95def0ee001a2f60d45e797ba040abdf4adf91c44d8f683b
                                                                                                                                                                                • Instruction ID: 7ca47d347026b2c5fb22da0082adae76f807809be0f814b2038fa0fb7d6a3337
                                                                                                                                                                                • Opcode Fuzzy Hash: 79ee3c50ed0e335e95def0ee001a2f60d45e797ba040abdf4adf91c44d8f683b
                                                                                                                                                                                • Instruction Fuzzy Hash: B031D570904748AFE721DF26CC49BAABBF4FB09750F104259F552A61E1DBB4BD84CB20
                                                                                                                                                                                Function 00CE2500 Relevance: 6.1, APIs: 4, Instructions: 92COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00BE0D60: CreateCompatibleDC.GDI32(?), ref: 00BE0DBB
                                                                                                                                                                                  • Part of subcall function 00BE0D60: CreateCompatibleBitmap.GDI32(?,?,?), ref: 00BE0DD4
                                                                                                                                                                                  • Part of subcall function 00BE0D60: SelectObject.GDI32(?,00000000), ref: 00BE0DE0
                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 00CE2563
                                                                                                                                                                                • SetTextColor.GDI32(?,?), ref: 00CE25AF
                                                                                                                                                                                • DrawTextW.USER32(?,?,?,?,00000024), ref: 00CE25CD
                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 00CE25D9
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ObjectSelect$CompatibleCreateText$BitmapColorDraw
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1127287786-0
                                                                                                                                                                                • Opcode ID: 94fec92de416ce4dee8842f542a9430646c95b2be56c34ef31c27267798e6bf5
                                                                                                                                                                                • Instruction ID: 621a1d64eab1088be7d27bf2e674055e13f685e2c0ae9842be8027a1182de869
                                                                                                                                                                                • Opcode Fuzzy Hash: 94fec92de416ce4dee8842f542a9430646c95b2be56c34ef31c27267798e6bf5
                                                                                                                                                                                • Instruction Fuzzy Hash: 91315971901208BFDB11DF95DD46B9DBFB5FF08710F208225F915A62A0EB316A64DBA0
                                                                                                                                                                                Function 00C70280 Relevance: 6.1, APIs: 4, Instructions: 91COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • FindResourceW.KERNEL32(00000000,?,00000017,3B919AFF,?,00EA9310,?,?,?,?,00000000,Function_00223FBD,000000FF,?,?,00EA9310), ref: 00C702C9
                                                                                                                                                                                • LoadResource.KERNEL32(00000000,00000000,?,00EA9310,?,?,?,?,00000000,Function_00223FBD,000000FF,?,?,00EA9310,?), ref: 00C702D8
                                                                                                                                                                                • LockResource.KERNEL32(00000000,?,00EA9310,?,?,?,?,00000000,Function_00223FBD,000000FF,?,?,00EA9310,?), ref: 00C702E3
                                                                                                                                                                                • SizeofResource.KERNEL32(00000000,?,?,00EA9310,?,?,?,?,00000000,Function_00223FBD,000000FF,?,?,00EA9310,?), ref: 00C702F4
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Resource$FindLoadLockSizeof
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3473537107-0
                                                                                                                                                                                • Opcode ID: 41cf4f0a9b363064f886e5d4ab4943e4a2c9e8391731bdeb8db25f42dce7f05e
                                                                                                                                                                                • Instruction ID: c941564a6bb1717c79d2bf0795814e625ff89a59ee13102a45527a056239b57c
                                                                                                                                                                                • Opcode Fuzzy Hash: 41cf4f0a9b363064f886e5d4ab4943e4a2c9e8391731bdeb8db25f42dce7f05e
                                                                                                                                                                                • Instruction Fuzzy Hash: 2631E272D04605DFD7209F75DD04BABB7B4FB08710F208229E825A7690EF30AA0887A1
                                                                                                                                                                                Function 00D278B0 Relevance: 6.1, APIs: 4, Instructions: 85COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetDC.USER32(00000000), ref: 00D278FA
                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00D2790D
                                                                                                                                                                                • GetDC.USER32(00000000), ref: 00D27967
                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00D2797A
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CapsDevice
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 328075279-0
                                                                                                                                                                                • Opcode ID: 83a2afad3fd994a4154ed175baa9426e1e001dd52d17edfb5d38a0198c095515
                                                                                                                                                                                • Instruction ID: 1d29d968b93a1b5c7b2928b3e0d8551d913f91ab7d75b23dff7a51d40b360ecc
                                                                                                                                                                                • Opcode Fuzzy Hash: 83a2afad3fd994a4154ed175baa9426e1e001dd52d17edfb5d38a0198c095515
                                                                                                                                                                                • Instruction Fuzzy Hash: 2531A1B1904714AFD712CF75DC4575AB7B8FB1A3A5F108726E415F2291E7306845CA60
                                                                                                                                                                                Function 00BD6020 Relevance: 6.1, APIs: 4, Instructions: 84windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Focus$ChildWindow
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 501040988-0
                                                                                                                                                                                • Opcode ID: 1dd6378f690ad950244869264eee6ab51f6a30e282fd7bc81bf0a6bf20d0abf8
                                                                                                                                                                                • Instruction ID: cc7bc166b61471530620d3a5249ecb2d9509c91a058fb88e0b8c25587e4cc2a0
                                                                                                                                                                                • Opcode Fuzzy Hash: 1dd6378f690ad950244869264eee6ab51f6a30e282fd7bc81bf0a6bf20d0abf8
                                                                                                                                                                                • Instruction Fuzzy Hash: 71318970604606AFDB14CF64CD88B6AFBB8FF49310F10465AE525D73A0EB71A814CB90
                                                                                                                                                                                Function 00BE32F0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 74COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • InitializeCriticalSection.KERNEL32(?,3B919AFF), ref: 00BE335A
                                                                                                                                                                                • EnterCriticalSection.KERNEL32(?,3B919AFF), ref: 00BE3367
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 00BE33B8
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalSection$EnterInitializeLeave
                                                                                                                                                                                • String ID: v
                                                                                                                                                                                • API String ID: 3991485460-3261393531
                                                                                                                                                                                • Opcode ID: 3b610bb3432a722e2341f31bef8184932de1133f0d13d07098226b3f0f8ace75
                                                                                                                                                                                • Instruction ID: de7f95ba534fbc9f8c0a091edbba1b38df6db1a75e445275078821481ee52bb2
                                                                                                                                                                                • Opcode Fuzzy Hash: 3b610bb3432a722e2341f31bef8184932de1133f0d13d07098226b3f0f8ace75
                                                                                                                                                                                • Instruction Fuzzy Hash: C521D3729002849FDF11CF65CC44BD9BBB4FB5A724F1441A9DC59AB382DB315A09CBA0
                                                                                                                                                                                Function 00BE33E0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 71COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • InitializeCriticalSection.KERNEL32(?,3B919AFF), ref: 00BE344A
                                                                                                                                                                                • EnterCriticalSection.KERNEL32(?,3B919AFF), ref: 00BE3457
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 00BE349E
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalSection$EnterInitializeLeave
                                                                                                                                                                                • String ID: v
                                                                                                                                                                                • API String ID: 3991485460-3261393531
                                                                                                                                                                                • Opcode ID: 839edabe5e0d9cfe0ff617f10d335a5c5b4572bde99c11663dd93bff1ccbbe23
                                                                                                                                                                                • Instruction ID: c049db7810887dc30a152e3f75e4ac168f5688e8c76b965fcd5b4327cdd8b9d8
                                                                                                                                                                                • Opcode Fuzzy Hash: 839edabe5e0d9cfe0ff617f10d335a5c5b4572bde99c11663dd93bff1ccbbe23
                                                                                                                                                                                • Instruction Fuzzy Hash: 0B21AE729002449FDF11CF65CC44BA9BBB4FF1A724F1045A9EC55AB382D731AA09CBA0
                                                                                                                                                                                Function 00D15990 Relevance: 6.1, APIs: 4, Instructions: 62synchronizationCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • ResetEvent.KERNEL32(?,?,000003E8,00D14DC2,?,?,?,?,?,00000003,00000000,3B919AFF,?,000003E8), ref: 00D159A2
                                                                                                                                                                                • GetLastError.KERNEL32(?,?,000003E8,00D14DC2,?,?,?,?,?,00000003,00000000,3B919AFF,?,000003E8), ref: 00D159CF
                                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,0000000A,?,?,000003E8,00D14DC2,?,?,?,?,?,00000003,00000000,3B919AFF,?,000003E8), ref: 00D15A05
                                                                                                                                                                                • SetEvent.KERNEL32(?,?,?,000003E8,00D14DC2,?,?,?,?,?,00000003,00000000,3B919AFF,?,000003E8), ref: 00D15A28
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Event$ErrorLastObjectResetSingleWait
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 708712559-0
                                                                                                                                                                                • Opcode ID: 58fb568b9529348547140d5dfff11cd3e14c12891cde16de1da192356c7c6480
                                                                                                                                                                                • Instruction ID: 294252f34aafc0e277750f6876724e9ae3aa0f5f420036f2a4d58a32ebcfb3cd
                                                                                                                                                                                • Opcode Fuzzy Hash: 58fb568b9529348547140d5dfff11cd3e14c12891cde16de1da192356c7c6480
                                                                                                                                                                                • Instruction Fuzzy Hash: 8111C131284B40EEE7708B26F984BD77B91BFA5324F085A1DE08392565CB28FCC5CB60
                                                                                                                                                                                Function 00BE3230 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 61COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • InitializeCriticalSection.KERNEL32(?,3B919AFF,?), ref: 00BE328D
                                                                                                                                                                                • EnterCriticalSection.KERNEL32(?,3B919AFF,?), ref: 00BE329A
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 00BE32C2
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalSection$EnterInitializeLeave
                                                                                                                                                                                • String ID: v
                                                                                                                                                                                • API String ID: 3991485460-3261393531
                                                                                                                                                                                • Opcode ID: 1a016bd58c5d239c533a238d9b110eb513b87d954f32bf6a4ef85fe3a00b65bc
                                                                                                                                                                                • Instruction ID: ba61247b79dd2f72e454d0d9f56ae1277b147cfcad340fa8a6b0b765a926627a
                                                                                                                                                                                • Opcode Fuzzy Hash: 1a016bd58c5d239c533a238d9b110eb513b87d954f32bf6a4ef85fe3a00b65bc
                                                                                                                                                                                • Instruction Fuzzy Hash: C0210676904388DFDF01CF64D844BE9BBB4EF56724F2041A9D855A7381D7325A09CBA0
                                                                                                                                                                                Function 00D21A20 Relevance: 6.0, APIs: 4, Instructions: 44threadsynchronizationCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,?,3B919AFF,?,?,00000000,00DB8480,000000FF,?,00D21A08,00000000,8000000B), ref: 00D21A57
                                                                                                                                                                                • GetExitCodeThread.KERNEL32(?,?,?,?,00000000,00DB8480,000000FF,?,00D21A08,00000000,8000000B), ref: 00D21A71
                                                                                                                                                                                • TerminateThread.KERNEL32(?,00000000,?,?,00000000,00DB8480,000000FF,?,00D21A08,00000000,8000000B), ref: 00D21A89
                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,00000000,00DB8480,000000FF,?,00D21A08,00000000,8000000B), ref: 00D21A92
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Thread$CloseCodeExitHandleObjectSingleTerminateWait
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3774109050-0
                                                                                                                                                                                • Opcode ID: cc3d346178425446979230764b038b65d854a49f3a405b9d4776884962c5cac1
                                                                                                                                                                                • Instruction ID: cd03c85b570b8b7e3c8e03df6ad0694d7372bb380d2d15bbb7fbd8d8915cad41
                                                                                                                                                                                • Opcode Fuzzy Hash: cc3d346178425446979230764b038b65d854a49f3a405b9d4776884962c5cac1
                                                                                                                                                                                • Instruction Fuzzy Hash: 2201B17590071AEFDB20CF55ED05BA6B7F9FB08714F00862DE826A26A0DB70AC08CB50
                                                                                                                                                                                Function 00BCBDF0 Relevance: 5.7, APIs: 2, Strings: 1, Instructions: 455synchronizationCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • CreateEventExW.KERNEL32(00000000,00000000,00000001,001F0003,?,?,?,3B919AFF), ref: 00BCC318
                                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00BCC36E
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CreateEventObjectSingleWait
                                                                                                                                                                                • String ID: .appinstaller
                                                                                                                                                                                • API String ID: 2678385144-3071040812
                                                                                                                                                                                • Opcode ID: ca73010fcc85f53752e98de438662b41f8c4d1de33b2370b1ec7fc94f1882782
                                                                                                                                                                                • Instruction ID: cd4e62d18f92f5f06332dea0b53e0282c1caf5cf88ba5f2971e463c82602d1e5
                                                                                                                                                                                • Opcode Fuzzy Hash: ca73010fcc85f53752e98de438662b41f8c4d1de33b2370b1ec7fc94f1882782
                                                                                                                                                                                • Instruction Fuzzy Hash: 6B229C70801288DEEF05DFA8C948BDD7FF4AF21308F14819DE8556B292DBB99B48DB51
                                                                                                                                                                                Function 00DA3EFD Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 194COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • __startOneArgErrorHandling.LIBCMT ref: 00DA3F8D
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorHandling__start
                                                                                                                                                                                • String ID: pow
                                                                                                                                                                                • API String ID: 3213639722-2276729525
                                                                                                                                                                                • Opcode ID: 109bdc408459f1faf4bfd55aa159fcd16b0f2b8e862dd24eb1fbe4ef6484d140
                                                                                                                                                                                • Instruction ID: 5632365d9de3fd5ad34bfc4a8766dd15ed171182722b4e951558f4e60270a798
                                                                                                                                                                                • Opcode Fuzzy Hash: 109bdc408459f1faf4bfd55aa159fcd16b0f2b8e862dd24eb1fbe4ef6484d140
                                                                                                                                                                                • Instruction Fuzzy Hash: AF51AA61E182029ECB117B14CD0137A7BB2EF52740F388958F0D7466E8EB35CE85AA76
                                                                                                                                                                                Function 00D0F520 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 167COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00BCAB90: GetProcessHeap.KERNEL32 ref: 00BCABE5
                                                                                                                                                                                  • Part of subcall function 00BCAB90: __Init_thread_footer.LIBCMT ref: 00BCAC17
                                                                                                                                                                                  • Part of subcall function 00BCAB90: __Init_thread_footer.LIBCMT ref: 00BCACA2
                                                                                                                                                                                • CloseHandle.KERNEL32(?,3B919AFF,000000C9,00000000), ref: 00D0F6A3
                                                                                                                                                                                • DeleteCriticalSection.KERNEL32(?,3B919AFF,000000C9,00000000), ref: 00D0F731
                                                                                                                                                                                Strings
                                                                                                                                                                                • << Advanced Installer (x86) Log >>, xrefs: 00D0F60F
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Init_thread_footer$CloseCriticalDeleteHandleHeapProcessSection
                                                                                                                                                                                • String ID: << Advanced Installer (x86) Log >>
                                                                                                                                                                                • API String ID: 3699736680-396061572
                                                                                                                                                                                • Opcode ID: 068073dd6004e0f1eedbfac0e8b010bf6e68404ef0957c8f67502827836f0e9e
                                                                                                                                                                                • Instruction ID: e7c63b135000d0d69ac4a8867b550aa175105a03d6c98679fa2542106413ee18
                                                                                                                                                                                • Opcode Fuzzy Hash: 068073dd6004e0f1eedbfac0e8b010bf6e68404ef0957c8f67502827836f0e9e
                                                                                                                                                                                • Instruction Fuzzy Hash: 3761F370900646DFD700CF69C988B4AFBF4FF4A714F1482ACD414AB792DB75AA09CB91
                                                                                                                                                                                Function 00D325A0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 151COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • OpenEventW.KERNEL32(00000000,00000000,3B919AFF,_pbl_evt,00000008,?,?,00E3B488,00000001,3B919AFF,00000000), ref: 00D3264E
                                                                                                                                                                                • CreateEventW.KERNEL32(00000000,00000001,00000001,?), ref: 00D3266B
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Event$CreateOpen
                                                                                                                                                                                • String ID: _pbl_evt
                                                                                                                                                                                • API String ID: 2335040897-4023232351
                                                                                                                                                                                • Opcode ID: f60b59d82aa7dba0b1f5064c780d31090a1b30d4a5447e2e28c4f8b1173d8501
                                                                                                                                                                                • Instruction ID: 9f68335839dfdb03e381b95b5b13b8d1a33601f61b7081ca3f2509d3e48604b5
                                                                                                                                                                                • Opcode Fuzzy Hash: f60b59d82aa7dba0b1f5064c780d31090a1b30d4a5447e2e28c4f8b1173d8501
                                                                                                                                                                                • Instruction Fuzzy Hash: 4F517171D10608DFDB10DF68DD46BAEB7B4EF18710F108269E915B72D0DB746A04CBA5
                                                                                                                                                                                Function 00DB167C Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 113COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00DA820D: RtlFreeHeap.NTDLL(00000000,00000000,?,00DB1120,?,00000000,?,?,00DB13C1,?,00000007,?,?,00DB1813,?,?), ref: 00DA8223
                                                                                                                                                                                  • Part of subcall function 00DA820D: GetLastError.KERNEL32(?,?,00DB1120,?,00000000,?,?,00DB13C1,?,00000007,?,?,00DB1813,?,?), ref: 00DA822E
                                                                                                                                                                                • ___free_lconv_mon.LIBCMT ref: 00DB16C0
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                                • String ID: XB$p@
                                                                                                                                                                                • API String ID: 4068849827-310831944
                                                                                                                                                                                • Opcode ID: e69fbccd26280a1ae1a18bd7cec91a4c814ae0b9c0d2eef3f32f0a3806a2f560
                                                                                                                                                                                • Instruction ID: 81f2af1183be6ec0d45a5249fab2441905b8e03f6551ae10a4ba1464c76dfa85
                                                                                                                                                                                • Opcode Fuzzy Hash: e69fbccd26280a1ae1a18bd7cec91a4c814ae0b9c0d2eef3f32f0a3806a2f560
                                                                                                                                                                                • Instruction Fuzzy Hash: 9F318D35A00740DFEB20AA79D855FAA7BE8EF01310F684529E466D71A1DF31EC40DB74
                                                                                                                                                                                Function 00CE5040 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 110windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • FormatMessageW.KERNEL32(000013FF,00000000,?,00000000,00000000,00000000,00000000,3B919AFF,00E3A804), ref: 00CE50AC
                                                                                                                                                                                • LocalFree.KERNEL32(00000000,00000000,-00000002), ref: 00CE51A3
                                                                                                                                                                                  • Part of subcall function 00CD49B0: std::locale::_Init.LIBCPMT ref: 00CD4A8D
                                                                                                                                                                                  • Part of subcall function 00CD2440: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00CD2515
                                                                                                                                                                                Strings
                                                                                                                                                                                • Failed to get Windows error message [win32 error 0x, xrefs: 00CE50CA
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FormatFreeInitIos_base_dtorLocalMessagestd::ios_base::_std::locale::_
                                                                                                                                                                                • String ID: Failed to get Windows error message [win32 error 0x
                                                                                                                                                                                • API String ID: 1983821583-3373098694
                                                                                                                                                                                • Opcode ID: 9a4bd9fb570a591a51ddf44226e526089051c47026d595d90e786c02fcac86f0
                                                                                                                                                                                • Instruction ID: 75102e179eb1becd80e745521e300256915c4d51d3d4b7b06b9fa407b85b85e2
                                                                                                                                                                                • Opcode Fuzzy Hash: 9a4bd9fb570a591a51ddf44226e526089051c47026d595d90e786c02fcac86f0
                                                                                                                                                                                • Instruction Fuzzy Hash: 0B41C370A007489FDB10DF59CD46BAEBBF8EF44314F208159E515A72D1EBB49B48CB92
                                                                                                                                                                                Function 00C05730 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 00C0575B
                                                                                                                                                                                • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00C057BE
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                                                                                                                                • String ID: bad locale name
                                                                                                                                                                                • API String ID: 3988782225-1405518554
                                                                                                                                                                                • Opcode ID: 5f9ef36c3d1c1685a739287a8e249c37f29133cd24d74fbafc614b1c1d645e0f
                                                                                                                                                                                • Instruction ID: eddded279f2ca2fdff4cce923fe56912234578c45f9b11e39a98157f50227547
                                                                                                                                                                                • Opcode Fuzzy Hash: 5f9ef36c3d1c1685a739287a8e249c37f29133cd24d74fbafc614b1c1d645e0f
                                                                                                                                                                                • Instruction Fuzzy Hash: 8821ED70A09B84DFD721CF68C904B4BBBE4AF15700F14869DE49597BC1D3B6EA04CBA1
                                                                                                                                                                                Function 00BC9F40 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 70COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00D8F743: EnterCriticalSection.KERNEL32(00EA7D50,00000000,?,?,00BC9F77,00000000,3B919AFF,00000000,?,00000000,?,-00000010,00DB83F0,000000FF,?,00BCA150), ref: 00D8F74E
                                                                                                                                                                                  • Part of subcall function 00D8F743: LeaveCriticalSection.KERNEL32(00EA7D50,?,00BC9F77,00000000,3B919AFF,00000000,?,00000000,?,-00000010,00DB83F0,000000FF,?,00BCA150,00000000,00000000), ref: 00D8F77A
                                                                                                                                                                                • FindResourceExW.KERNEL32(00000000,00000006,?,00000000,00000000,3B919AFF,00000000,?,00000000,?,-00000010,00DB83F0,000000FF,?,00BCA150,00000000), ref: 00BC9F96
                                                                                                                                                                                  • Part of subcall function 00BCA000: LoadResource.KERNEL32(00000000,00000000,3B919AFF,00000001,00000000,?,00000000,00DB7D20,000000FF,?,00BC9FAC,?,?,00BCA150,00000000,00000000), ref: 00BCA02B
                                                                                                                                                                                  • Part of subcall function 00BCA000: LockResource.KERNEL32(00000000,?,00BC9FAC,?,?,00BCA150,00000000,00000000,00000000,00BCA2B8,-00000010,?,00000000), ref: 00BCA036
                                                                                                                                                                                  • Part of subcall function 00BCA000: SizeofResource.KERNEL32(00000000,00000000,?,00BC9FAC,?,?,00BCA150,00000000,00000000,00000000,00BCA2B8,-00000010,?,00000000), ref: 00BCA044
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Resource$CriticalSection$EnterFindLeaveLoadLockSizeof
                                                                                                                                                                                • String ID: <}$<}
                                                                                                                                                                                • API String ID: 529824247-4096868979
                                                                                                                                                                                • Opcode ID: 24c31aee8b8bc6701059a9d8163642b48ae5ff2459aa1c54169643ce00f85829
                                                                                                                                                                                • Instruction ID: 99cdbb63fe0b236463dcda2fa9bdbda37fdb14b5461e3f3174c6e078e08397dd
                                                                                                                                                                                • Opcode Fuzzy Hash: 24c31aee8b8bc6701059a9d8163642b48ae5ff2459aa1c54169643ce00f85829
                                                                                                                                                                                • Instruction Fuzzy Hash: A911AB76F086145FE7258B599C51F7AB3E8E749B64F00017EED0AD7780DB75AC0046D0
                                                                                                                                                                                Function 00D8D283 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • VirtualQuery.KERNEL32(80000000,00D8D1C8,0000001C,00D8D3BD,00000000,?,?,?,?,?,?,?,00D8D1C8,00000004,00EA78D4,00D8D44D), ref: 00D8D294
                                                                                                                                                                                • GetSystemInfo.KERNEL32(?,?,00000000,?,?,?,?,00D8D1C8,00000004,00EA78D4,00D8D44D), ref: 00D8D2AF
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InfoQuerySystemVirtual
                                                                                                                                                                                • String ID: D
                                                                                                                                                                                • API String ID: 401686933-2746444292
                                                                                                                                                                                • Opcode ID: 74dc42e675cda2a6d691260f081cfd4a1f2e4327022f2d2c05f3ef0fb5ca5b6d
                                                                                                                                                                                • Instruction ID: 783e912b244c2aa6402a014f31813747eabdb41af1b89a9d38aacb4fd15aeb22
                                                                                                                                                                                • Opcode Fuzzy Hash: 74dc42e675cda2a6d691260f081cfd4a1f2e4327022f2d2c05f3ef0fb5ca5b6d
                                                                                                                                                                                • Instruction Fuzzy Hash: 1E01F733B001096FCB14EE69DC05BDD7BAAAFC4324F0CC120ED19D7181DA34D9068794
                                                                                                                                                                                Function 00BE7F40 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 44COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetParent.USER32(00000003), ref: 00BE7F72
                                                                                                                                                                                Strings
                                                                                                                                                                                • C:\ReleaseAI\stubs\setup\controls\generic\VisualStyleBorder.h, xrefs: 00BE7F47
                                                                                                                                                                                • 4V, xrefs: 00BE7F88
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Parent
                                                                                                                                                                                • String ID: 4V$C:\ReleaseAI\stubs\setup\controls\generic\VisualStyleBorder.h
                                                                                                                                                                                • API String ID: 975332729-2048292001
                                                                                                                                                                                • Opcode ID: 372f42375e333e08ea4f07838f97289f6a7ea5e34e938e92b574fbe28616c5fa
                                                                                                                                                                                • Instruction ID: 01974295eaf5cdb3c9900b395491b1af7c68c7d8c6fb5c5b69b327427009e5f4
                                                                                                                                                                                • Opcode Fuzzy Hash: 372f42375e333e08ea4f07838f97289f6a7ea5e34e938e92b574fbe28616c5fa
                                                                                                                                                                                • Instruction Fuzzy Hash: 72115E34905298DFCF04DBE4CD58A9DBBB1AF99304F5480A8D001AB295DBB55E09DB81
                                                                                                                                                                                Function 00BD324B Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                • C:\ReleaseAI\platform\ui\controls\mshtml\GenericAxControl.cpp, xrefs: 00BD3252
                                                                                                                                                                                • 4V, xrefs: 00BD328D
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ActiveWindow
                                                                                                                                                                                • String ID: 4V$C:\ReleaseAI\platform\ui\controls\mshtml\GenericAxControl.cpp
                                                                                                                                                                                • API String ID: 2558294473-3853628876
                                                                                                                                                                                • Opcode ID: 4c66ade83df513da859542fb8d647a56e13740fd3a728f2266f327f81e9dd6bd
                                                                                                                                                                                • Instruction ID: c8f42386278640a9fa9737d68e0037d74da802a30e240d5c4c92262c31e3c192
                                                                                                                                                                                • Opcode Fuzzy Hash: 4c66ade83df513da859542fb8d647a56e13740fd3a728f2266f327f81e9dd6bd
                                                                                                                                                                                • Instruction Fuzzy Hash: 18117934D05298DFCB04DBE4C958B9DBBF1AF95304F5480A8D045AB385EBB46A08DB92
                                                                                                                                                                                Function 00BD35B9 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                • 4V, xrefs: 00BD35FE
                                                                                                                                                                                • C:\ReleaseAI\platform\ui\controls\mshtml\GenericAxControl.cpp, xrefs: 00BD35C3
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ActiveWindow
                                                                                                                                                                                • String ID: 4V$C:\ReleaseAI\platform\ui\controls\mshtml\GenericAxControl.cpp
                                                                                                                                                                                • API String ID: 2558294473-3853628876
                                                                                                                                                                                • Opcode ID: 9d542fed69c75ea7e1b8fb4f3a8a31d8890ba8284f9e20c764dc5344c704ca11
                                                                                                                                                                                • Instruction ID: 340223c3b687b152f1aeb60aefb0bf00f6d8adebad3fe2e92a15339ec7dfffb5
                                                                                                                                                                                • Opcode Fuzzy Hash: 9d542fed69c75ea7e1b8fb4f3a8a31d8890ba8284f9e20c764dc5344c704ca11
                                                                                                                                                                                • Instruction Fuzzy Hash: 32118E34D09298EFCB04DBE4CD58A9DBBF1AF95304F5480A8D001AB385DBB46A04DB92
                                                                                                                                                                                Function 00BE7FD9 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetParent.USER32(00000009), ref: 00BE8008
                                                                                                                                                                                Strings
                                                                                                                                                                                • C:\ReleaseAI\stubs\setup\controls\generic\VisualStyleBorder.h, xrefs: 00BE7FDB
                                                                                                                                                                                • 4V, xrefs: 00BE801E
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Parent
                                                                                                                                                                                • String ID: 4V$C:\ReleaseAI\stubs\setup\controls\generic\VisualStyleBorder.h
                                                                                                                                                                                • API String ID: 975332729-2048292001
                                                                                                                                                                                • Opcode ID: 4da79f9411b9bd4f2aaa28fb335b0d4583fbc19303d8ee2c595f541046b972bf
                                                                                                                                                                                • Instruction ID: 0df4f114e732463903e2eb129df8b1b06e2c904018ef13726d5861fdcdf9a259
                                                                                                                                                                                • Opcode Fuzzy Hash: 4da79f9411b9bd4f2aaa28fb335b0d4583fbc19303d8ee2c595f541046b972bf
                                                                                                                                                                                • Instruction Fuzzy Hash: E0117C34905288DECF05DBE4CD58A9DBFB1AF59304F6480A8D005AF296DBB55E09DB41
                                                                                                                                                                                Function 00BD32DE Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 40COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                • 4V, xrefs: 00BD331D
                                                                                                                                                                                • C:\ReleaseAI\platform\ui\controls\mshtml\GenericAxControl.cpp, xrefs: 00BD32E0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ActiveWindow
                                                                                                                                                                                • String ID: 4V$C:\ReleaseAI\platform\ui\controls\mshtml\GenericAxControl.cpp
                                                                                                                                                                                • API String ID: 2558294473-3853628876
                                                                                                                                                                                • Opcode ID: cf7566b50bd7d651bab75c8cda93dad962ede60d4f180ce0a1971b4ce9ead59d
                                                                                                                                                                                • Instruction ID: 266691f0aaf11134c59cd12c4a675d0e0f1ab0c4f4a5143805b3c24497e7cfd9
                                                                                                                                                                                • Opcode Fuzzy Hash: cf7566b50bd7d651bab75c8cda93dad962ede60d4f180ce0a1971b4ce9ead59d
                                                                                                                                                                                • Instruction Fuzzy Hash: 8E11C034D05298DECF04DBE4CE58B9CBBF1AF55304F608099D001AB385DBB05B08DB52
                                                                                                                                                                                Function 00BD364F Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 40COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                • 4V, xrefs: 00BD3691
                                                                                                                                                                                • C:\ReleaseAI\platform\ui\controls\mshtml\GenericAxControl.cpp, xrefs: 00BD3654
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ActiveWindow
                                                                                                                                                                                • String ID: 4V$C:\ReleaseAI\platform\ui\controls\mshtml\GenericAxControl.cpp
                                                                                                                                                                                • API String ID: 2558294473-3853628876
                                                                                                                                                                                • Opcode ID: 7c358da0f2deb949693a7c75615dac801497592ca47b1a3a232df4e45d5ea9b5
                                                                                                                                                                                • Instruction ID: 1bcd0e75c0fff6ea3cab2e476bbd365d6397ce864a14311530adc23266af2dab
                                                                                                                                                                                • Opcode Fuzzy Hash: 7c358da0f2deb949693a7c75615dac801497592ca47b1a3a232df4e45d5ea9b5
                                                                                                                                                                                • Instruction Fuzzy Hash: DC11AD34D05298EECF04DBE4CD58B9DBBF1AF55304F6080A9D0016B386DBB05B08DB62
                                                                                                                                                                                Function 00BE806F Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 39COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetParent.USER32(0000000F), ref: 00BE80A2
                                                                                                                                                                                Strings
                                                                                                                                                                                • Unknown exception, xrefs: 00BE8077
                                                                                                                                                                                • C:\ReleaseAI\stubs\setup\controls\generic\VisualStyleBorder.h, xrefs: 00BE8087
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Parent
                                                                                                                                                                                • String ID: C:\ReleaseAI\stubs\setup\controls\generic\VisualStyleBorder.h$Unknown exception
                                                                                                                                                                                • API String ID: 975332729-9186675
                                                                                                                                                                                • Opcode ID: 50c5fb84a4670f75cdbc7099e243479125d578ff77416ec42136b16f4884007f
                                                                                                                                                                                • Instruction ID: 8cc97edff20c50f6e91b2b7eb861f42e1ea722d8457e0b5f3a6834d1e462155d
                                                                                                                                                                                • Opcode Fuzzy Hash: 50c5fb84a4670f75cdbc7099e243479125d578ff77416ec42136b16f4884007f
                                                                                                                                                                                • Instruction Fuzzy Hash: 51016D35D05288EFCF01EBE4C959BDDBFB0AF59300F548498E041BB296DBB49A48DB91
                                                                                                                                                                                Function 00BD36E2 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 38COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                • Unknown exception, xrefs: 00BD36EA
                                                                                                                                                                                • C:\ReleaseAI\platform\ui\controls\mshtml\GenericAxControl.cpp, xrefs: 00BD36FD
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ActiveWindow
                                                                                                                                                                                • String ID: C:\ReleaseAI\platform\ui\controls\mshtml\GenericAxControl.cpp$Unknown exception
                                                                                                                                                                                • API String ID: 2558294473-2631306498
                                                                                                                                                                                • Opcode ID: ed0f4debace7599787fa9484535f1788a684c06cf900cc58d60d05bd6dfcbfa1
                                                                                                                                                                                • Instruction ID: d2f78a9e81072b59d7128d82b72705ccf5b22fae49d86b47766b7d81fcc3681d
                                                                                                                                                                                • Opcode Fuzzy Hash: ed0f4debace7599787fa9484535f1788a684c06cf900cc58d60d05bd6dfcbfa1
                                                                                                                                                                                • Instruction Fuzzy Hash: 07016930D05298EACB05EBE8C955BCDBBB0AF59300F548498D0416B286DBB45A08E792
                                                                                                                                                                                Function 00BD336E Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 37COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                • Unknown exception, xrefs: 00BD3376
                                                                                                                                                                                • C:\ReleaseAI\platform\ui\controls\mshtml\GenericAxControl.cpp, xrefs: 00BD3386
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ActiveWindow
                                                                                                                                                                                • String ID: C:\ReleaseAI\platform\ui\controls\mshtml\GenericAxControl.cpp$Unknown exception
                                                                                                                                                                                • API String ID: 2558294473-2631306498
                                                                                                                                                                                • Opcode ID: 77e8d6c6a88a09dfb92fe3496ecd821db5d94104ace52e09c8e9376c81c93c76
                                                                                                                                                                                • Instruction ID: e8c317e7fd3a283d0814cd3396058eb38359039fc34b7f56e7ea42be2aff5187
                                                                                                                                                                                • Opcode Fuzzy Hash: 77e8d6c6a88a09dfb92fe3496ecd821db5d94104ace52e09c8e9376c81c93c76
                                                                                                                                                                                • Instruction Fuzzy Hash: 67018C30D05298EECB05EBE4C919BDDBFF0AF59300F548498D0416B282DBB45B08E792
                                                                                                                                                                                Function 00D8F694 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00BD9C30: InitializeCriticalSectionAndSpinCount.KERNEL32(00EA7D50,00000000,3B919AFF,00BC0000,Function_001F7F70,000000FF,?,00D8F6C3,?,?,?,00BC7586), ref: 00BD9C55
                                                                                                                                                                                  • Part of subcall function 00BD9C30: GetLastError.KERNEL32(?,00D8F6C3,?,?,?,00BC7586), ref: 00BD9C5F
                                                                                                                                                                                • IsDebuggerPresent.KERNEL32(?,?,?,00BC7586), ref: 00D8F6C7
                                                                                                                                                                                • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00BC7586), ref: 00D8F6D6
                                                                                                                                                                                Strings
                                                                                                                                                                                • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00D8F6D1
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1966439343.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.1966412460.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966657651.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966727769.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966749933.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966777883.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.1966806304.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CountCriticalDebugDebuggerErrorInitializeLastOutputPresentSectionSpinString
                                                                                                                                                                                • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                • API String ID: 450123788-631824599
                                                                                                                                                                                • Opcode ID: 4f9d186fc1e47cb01c153ae236040e404c6957f73ef706cdc88568cfbed9c799
                                                                                                                                                                                • Instruction ID: b35be6335ba01b9c39fcdda89d873d03ba064f1ebeb6591323137d5e03801a46
                                                                                                                                                                                • Opcode Fuzzy Hash: 4f9d186fc1e47cb01c153ae236040e404c6957f73ef706cdc88568cfbed9c799
                                                                                                                                                                                • Instruction Fuzzy Hash: 0FE092712007418FD370BF25E915782BBE4AF14344F04896DE896D3751EBB5E488CB71

                                                                                                                                                                                Execution Graph

                                                                                                                                                                                Execution Coverage:1.8%
                                                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                Signature Coverage:0%
                                                                                                                                                                                Total number of Nodes:293
                                                                                                                                                                                Total number of Limit Nodes:21
                                                                                                                                                                                execution_graph 32485 d32c10 32486 d32c4d 32485->32486 32489 d32c54 32485->32489 32526 d8fe6a 32486->32526 32488 d32e96 32499 bc7690 42 API calls 2 library calls 32489->32499 32491 d32e6d 32525 bc8810 40 API calls 2 library calls 32491->32525 32494 d32e3f 32494->32491 32496 d33790 66 API calls 32494->32496 32496->32494 32497 bc7b80 40 API calls 32498 d32c7c 32497->32498 32498->32494 32498->32497 32500 d5f560 42 API calls 3 library calls 32498->32500 32501 d33790 32498->32501 32499->32498 32500->32498 32503 d33816 32501->32503 32502 d33855 32533 d33150 32502->32533 32503->32502 32563 bfaec0 42 API calls 5 library calls 32503->32563 32506 d339d1 32570 bf9f10 40 API calls 2 library calls 32506->32570 32507 d33884 32511 d338df 32507->32511 32564 c37af0 42 API calls 5 library calls 32507->32564 32510 d339f5 32571 bc8810 40 API calls 2 library calls 32510->32571 32511->32506 32565 bc8190 42 API calls 2 library calls 32511->32565 32513 d33a04 32515 d8fe6a __startOneArgErrorHandling 5 API calls 32513->32515 32516 d33a1b 32515->32516 32516->32498 32517 d33981 32566 bc7690 42 API calls 2 library calls 32517->32566 32519 d33997 32567 d31ca0 40 API calls 2 library calls 32519->32567 32521 d339ac 32568 bc8810 40 API calls 2 library calls 32521->32568 32523 d339c5 32569 bc8810 40 API calls 2 library calls 32523->32569 32525->32486 32527 d8fe72 32526->32527 32528 d8fe73 IsProcessorFeaturePresent 32526->32528 32527->32488 32530 d90573 32528->32530 32661 d90536 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 32530->32661 32532 d90656 32532->32488 32534 d33185 32533->32534 32535 d331b7 32534->32535 32539 d3323c 32534->32539 32572 d8fea9 32535->32572 32540 d33277 32539->32540 32541 d332e8 32539->32541 32542 d8fea9 std::_Facet_Register 15 API calls 32540->32542 32544 d3336f 32541->32544 32545 d3331c 32541->32545 32543 d3327e 32542->32543 32543->32507 32548 d333fa 32544->32548 32550 d333a7 32544->32550 32547 d8fea9 std::_Facet_Register 15 API calls 32545->32547 32546 d331ff 32546->32507 32549 d33323 32547->32549 32554 d33437 32548->32554 32555 d33493 32548->32555 32549->32507 32552 d8fea9 std::_Facet_Register 15 API calls 32550->32552 32551 d33520 32553 d8fea9 std::_Facet_Register 15 API calls 32551->32553 32556 d333ae 32552->32556 32557 d33527 32553->32557 32558 d8fea9 std::_Facet_Register 15 API calls 32554->32558 32555->32551 32560 d334c4 32555->32560 32556->32507 32557->32507 32559 d3343e 32558->32559 32559->32507 32561 d8fea9 std::_Facet_Register 15 API calls 32560->32561 32562 d334cb 32561->32562 32562->32507 32563->32502 32564->32507 32565->32517 32566->32519 32567->32521 32568->32523 32569->32506 32570->32510 32571->32513 32574 d8feae 32572->32574 32575 d331be 32574->32575 32577 d8feca std::_Facet_Register 32574->32577 32586 d99d0b 32574->32586 32593 da54d3 EnterCriticalSection std::_Facet_Register 32574->32593 32580 c91680 32575->32580 32594 d91bfa 32577->32594 32579 d90d10 32581 c916b4 32580->32581 32585 c916d1 std::ios_base::_Ios_base_dtor 32580->32585 32582 d8fea9 std::_Facet_Register 15 API calls 32581->32582 32583 c916bb 32582->32583 32599 d26ae0 32583->32599 32585->32546 32591 da8247 __dosmaperr 32586->32591 32587 da8285 32598 d9540f 13 API calls __dosmaperr 32587->32598 32588 da8270 RtlAllocateHeap 32590 da8283 32588->32590 32588->32591 32590->32574 32591->32587 32591->32588 32597 da54d3 EnterCriticalSection std::_Facet_Register 32591->32597 32593->32574 32595 d91c41 RaiseException 32594->32595 32596 d91c14 32594->32596 32595->32579 32596->32595 32597->32591 32598->32590 32602 ce1b30 32599->32602 32609 ce1da0 32602->32609 32606 ce1c15 32606->32585 32607 ce1b80 __set_se_translator 32607->32606 32621 d90328 EnterCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 32607->32621 32610 ce1dd7 32609->32610 32616 ce1b59 32609->32616 32611 d90372 4 API calls 32610->32611 32612 ce1de1 32611->32612 32612->32616 32622 ce1e40 32612->32622 32616->32606 32617 d90372 EnterCriticalSection 32616->32617 32618 d90386 32617->32618 32619 d9038b 32618->32619 32660 d903fa SleepConditionVariableCS WaitForSingleObjectEx EnterCriticalSection 32618->32660 32619->32607 32621->32606 32623 ce1e96 RegOpenKeyExW 32622->32623 32624 ce1ebc RegQueryValueExW RegQueryValueExW 32623->32624 32625 ce217b 32623->32625 32626 ce1f1f RegQueryValueExW 32624->32626 32627 ce1f7b RegQueryValueExW 32624->32627 32628 ce2196 RegCloseKey 32625->32628 32629 ce21a7 32625->32629 32626->32627 32632 ce1f53 32626->32632 32634 ce1fbe 32627->32634 32628->32629 32630 d8fe6a __startOneArgErrorHandling 5 API calls 32629->32630 32631 ce1e0a 32630->32631 32648 d90328 EnterCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 32631->32648 32632->32627 32633 ce200b RegQueryValueExW 32635 ce205d RegQueryValueExW 32633->32635 32636 ce2038 32633->32636 32634->32633 32638 ce208a 32635->32638 32636->32635 32637 ce213b 32640 ce216f 32637->32640 32641 ce2145 GetCurrentProcess IsWow64Process 32637->32641 32638->32637 32639 d90372 4 API calls 32638->32639 32642 ce20fe 32639->32642 32649 ce21d0 32640->32649 32641->32640 32643 ce2163 32641->32643 32642->32637 32644 ce210a GetModuleHandleW GetProcAddress 32642->32644 32643->32640 32659 d90328 EnterCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 32644->32659 32647 ce2138 32647->32637 32648->32616 32650 ce2228 RegOpenKeyExW 32649->32650 32651 ce224e RegQueryValueExW 32650->32651 32655 ce2300 32650->32655 32654 ce22cf RegQueryValueExW 32651->32654 32658 ce2281 32651->32658 32652 ce24de 32656 d8fe6a __startOneArgErrorHandling 5 API calls 32652->32656 32653 ce24cd RegCloseKey 32653->32652 32654->32655 32655->32652 32655->32653 32657 ce24f6 32656->32657 32657->32625 32658->32654 32659->32647 32660->32618 32661->32532 32662 da5fc2 32665 da5d0e 32662->32665 32664 da5ff3 32666 da5d1a std::_Locinfo::_Locinfo_ctor 32665->32666 32671 da38b3 EnterCriticalSection 32666->32671 32668 da5d28 32672 da5d69 32668->32672 32670 da5d35 32670->32664 32671->32668 32673 da5d84 32672->32673 32680 da5df7 std::_Lockit::_Lockit 32672->32680 32673->32680 32681 da5dd7 32673->32681 32682 d99d3c 32673->32682 32675 d99d3c 43 API calls 32676 da5ded 32675->32676 32692 da820d 13 API calls 2 library calls 32676->32692 32677 da5dcd 32691 da820d 13 API calls 2 library calls 32677->32691 32680->32670 32681->32675 32681->32680 32683 d99d49 32682->32683 32684 d99d64 32682->32684 32683->32684 32686 d99d55 32683->32686 32685 d99d73 32684->32685 32706 daa150 41 API calls 2 library calls 32684->32706 32693 daa183 32685->32693 32705 d9540f 13 API calls __dosmaperr 32686->32705 32689 d99d5a __set_se_translator 32689->32677 32691->32681 32692->32680 32694 daa19b 32693->32694 32695 daa190 32693->32695 32697 daa1a3 32694->32697 32703 daa1ac __dosmaperr 32694->32703 32707 da8247 32695->32707 32714 da820d 13 API calls 2 library calls 32697->32714 32699 daa1b1 32715 d9540f 13 API calls __dosmaperr 32699->32715 32700 daa1d6 RtlReAllocateHeap 32701 daa198 32700->32701 32700->32703 32701->32689 32703->32699 32703->32700 32716 da54d3 EnterCriticalSection std::_Facet_Register 32703->32716 32705->32689 32706->32685 32708 da8285 32707->32708 32712 da8255 __dosmaperr 32707->32712 32718 d9540f 13 API calls __dosmaperr 32708->32718 32709 da8270 RtlAllocateHeap 32711 da8283 32709->32711 32709->32712 32711->32701 32712->32708 32712->32709 32717 da54d3 EnterCriticalSection std::_Facet_Register 32712->32717 32714->32701 32715->32701 32716->32703 32717->32712 32718->32711 32719 cbb9e0 32726 cbbef0 32719->32726 32722 cbbef0 65 API calls 32723 cbba40 32722->32723 32742 bd72b0 26 API calls 32723->32742 32725 cbba66 32727 cbbf1f 32726->32727 32728 cbb9ef 32726->32728 32729 d90372 4 API calls 32727->32729 32741 cbbf85 32727->32741 32728->32722 32730 cbbf3e 32729->32730 32730->32741 32743 c9a630 GetSystemDirectoryW 32730->32743 32731 d90372 4 API calls 32732 cbbf9f 32731->32732 32732->32728 32734 cbbfab GetProcAddress 32732->32734 32770 d90328 EnterCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 32734->32770 32735 cbbf5b 32768 d9022a 43 API calls 32735->32768 32738 cbbfd9 32738->32728 32739 cbbf74 32769 d90328 EnterCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 32739->32769 32741->32728 32741->32731 32742->32725 32744 c9a73b 32743->32744 32745 c9a67f 32743->32745 32746 d8fe6a __startOneArgErrorHandling 5 API calls 32744->32746 32745->32744 32771 bcab90 32745->32771 32748 c9a78b 32746->32748 32748->32735 32750 c9a699 32754 c9a6c3 32750->32754 32755 c9a6b5 32750->32755 32751 c9a793 32799 bca850 32751->32799 32753 c9a79d 32756 d8fea9 std::_Facet_Register 15 API calls 32753->32756 32798 bca6d0 42 API calls 4 library calls 32754->32798 32797 bca140 49 API calls 32755->32797 32758 c9a8f2 32756->32758 32803 bde010 42 API calls 3 library calls 32758->32803 32759 c9a6c1 32786 be11b0 32759->32786 32762 c9a93a 32762->32735 32765 be11b0 42 API calls 32766 c9a729 32765->32766 32766->32744 32767 c9a73f LoadLibraryExW 32766->32767 32767->32744 32768->32739 32769->32741 32770->32738 32772 bcabc8 32771->32772 32783 bcac1c 32771->32783 32773 d90372 4 API calls 32772->32773 32775 bcabd2 32773->32775 32774 d90372 4 API calls 32777 bcac36 32774->32777 32776 bcabde GetProcessHeap 32775->32776 32775->32783 32804 d9022a 43 API calls 32776->32804 32785 bcaca7 32777->32785 32806 d9022a 43 API calls 32777->32806 32779 bcac0b 32805 d90328 EnterCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 32779->32805 32782 bcac96 32807 d90328 EnterCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 32782->32807 32783->32774 32783->32785 32785->32750 32785->32751 32789 be11d6 32786->32789 32792 be1241 std::locale::_Locimp::_Locimp 32786->32792 32787 bca850 2 API calls 32788 be128c 32787->32788 32789->32792 32795 be1220 __set_se_translator 32789->32795 32808 bca660 42 API calls 32789->32808 32791 be126f 32791->32765 32792->32787 32792->32791 32794 be125d 32810 d952ef 40 API calls __cftof 32794->32810 32795->32792 32809 d9540f 13 API calls __dosmaperr 32795->32809 32797->32759 32798->32759 32800 bca85d 32799->32800 32801 d91bfa Concurrency::cancel_current_task RaiseException 32800->32801 32802 bca86a RtlAllocateHeap 32801->32802 32802->32753 32803->32762 32804->32779 32805->32783 32806->32782 32807->32785 32808->32795 32809->32794 32810->32792 32811 cc2170 32812 cc21a7 32811->32812 32818 cc21e7 32811->32818 32813 d90372 4 API calls 32812->32813 32814 cc21b1 32813->32814 32814->32818 32819 d9022a 43 API calls 32814->32819 32816 cc21d3 32820 d90328 EnterCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 32816->32820 32819->32816 32820->32818 32821 bc8700 32822 bc874b 32821->32822 32823 bc870b 32821->32823 32836 bc86e0 42 API calls 3 library calls 32822->32836 32824 bc8714 32823->32824 32825 bc8736 32823->32825 32824->32822 32827 bc871b 32824->32827 32828 bc8746 32825->32828 32831 d8fea9 std::_Facet_Register 15 API calls 32825->32831 32830 d8fea9 std::_Facet_Register 15 API calls 32827->32830 32829 bc8721 32835 bc872a 32829->32835 32837 d952ff 40 API calls 2 library calls 32829->32837 32830->32829 32833 bc8740 32831->32833 32836->32829 32838 bcaa60 32839 bcaa6c 32838->32839 32840 bcaaa4 32838->32840 32839->32840 32841 bca850 2 API calls 32839->32841 32841->32840 32842 cde790 32843 cde7d8 GetCurrentProcess OpenProcessToken 32842->32843 32844 cde7fc GetTokenInformation 32843->32844 32845 cde7ef GetLastError 32843->32845 32847 cde81f GetLastError 32844->32847 32848 cde84b 32844->32848 32846 cde8a4 32845->32846 32849 cde8dd 32846->32849 32850 cde8cf CloseHandle 32846->32850 32851 cde89e GetLastError 32847->32851 32852 cde82a 32847->32852 32848->32851 32853 cde851 AllocateAndInitializeSid 32848->32853 32854 d8fe6a __startOneArgErrorHandling 5 API calls 32849->32854 32850->32849 32851->32846 32857 cde835 GetTokenInformation 32852->32857 32853->32846 32855 cde882 EqualSid FreeSid 32853->32855 32856 cde8f6 32854->32856 32855->32846 32857->32848 32857->32851

                                                                                                                                                                                Executed Functions

                                                                                                                                                                                Function 00C9A630 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 228libraryCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 149 c9a630-c9a679 GetSystemDirectoryW 150 c9a76f 149->150 151 c9a67f-c9a684 149->151 152 c9a771-c9a792 call d8fe6a 150->152 151->150 153 c9a68a-c9a693 call bcab90 151->153 158 c9a699-c9a6b3 153->158 159 c9a793-c9a9b9 call bca850 call d8fea9 call bde010 153->159 163 c9a6c3-c9a6c9 158->163 164 c9a6b5-c9a6c1 call bca140 158->164 168 c9a6d0-c9a6d9 163->168 173 c9a6ec-c9a704 call be11b0 164->173 168->168 169 c9a6db-c9a6e7 call bca6d0 168->169 169->173 178 c9a70a-c9a70f 173->178 179 c9a706-c9a708 173->179 181 c9a710-c9a719 178->181 180 c9a71f-c9a739 call be11b0 call d91658 179->180 187 c9a73b-c9a73d 180->187 188 c9a73f-c9a74a LoadLibraryExW 180->188 181->181 182 c9a71b-c9a71d 181->182 182->180 189 c9a74c-c9a761 187->189 188->189 190 c9a76b-c9a76d 189->190 191 c9a763-c9a766 189->191 190->152 191->190
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetSystemDirectoryW.KERNEL32(?,00000105), ref: 00C9A671
                                                                                                                                                                                  • Part of subcall function 00BCAB90: GetProcessHeap.KERNEL32 ref: 00BCABE5
                                                                                                                                                                                  • Part of subcall function 00BCAB90: __Init_thread_footer.LIBCMT ref: 00BCAC17
                                                                                                                                                                                  • Part of subcall function 00BCAB90: __Init_thread_footer.LIBCMT ref: 00BCACA2
                                                                                                                                                                                  • Part of subcall function 00BCA140: FindResourceW.KERNEL32(00000000,?,00000006,?,?,?,00BC124B,http://,?,80004005,E252F71D,?,00DBA6EF,000000FF), ref: 00BCA163
                                                                                                                                                                                • LoadLibraryExW.KERNEL32(?,00000000,00000000,00DECDED,000000FF), ref: 00C9A744
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Init_thread_footer$DirectoryFindHeapLibraryLoadProcessResourceSystem
                                                                                                                                                                                • String ID: UxTheme.dll
                                                                                                                                                                                • API String ID: 2586271605-352951104
                                                                                                                                                                                • Opcode ID: fda3b9fb1f3b897aee81f15ee17167c3a6328472fd345e90f2b82456248d9799
                                                                                                                                                                                • Instruction ID: f63d8b72c13890a8c4e89cb8d1c4eabbb3c8fd16546149227a23749bf7ee661c
                                                                                                                                                                                • Opcode Fuzzy Hash: fda3b9fb1f3b897aee81f15ee17167c3a6328472fd345e90f2b82456248d9799
                                                                                                                                                                                • Instruction Fuzzy Hash: 9BA19BB0500645EFEB14CF65C819B9ABBF0FF04318F20865DE4299B681D7BAA618CFD1
                                                                                                                                                                                Function 00CE1E40 Relevance: 42.2, APIs: 13, Strings: 11, Instructions: 224registrylibraryloaderCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                APIs
                                                                                                                                                                                • RegOpenKeyExW.KERNEL32(80000002,Software\Microsoft\Windows NT\CurrentVersion,00000000,00020119,00000000), ref: 00CE1EAE
                                                                                                                                                                                • RegQueryValueExW.KERNEL32(00000000,CurrentMajorVersionNumber,00000000,00000000,?,?), ref: 00CE1EF5
                                                                                                                                                                                • RegQueryValueExW.KERNEL32(00000000,CurrentMinorVersionNumber,00000000,00000000,?,00000004), ref: 00CE1F14
                                                                                                                                                                                • RegQueryValueExW.ADVAPI32(00000000,CurrentVersion,00000000,00000000,?,?), ref: 00CE1F43
                                                                                                                                                                                • RegQueryValueExW.KERNEL32(00000000,CurrentBuildNumber,00000000,00000000,?,?), ref: 00CE1FB8
                                                                                                                                                                                • RegQueryValueExW.KERNEL32(00000000,ReleaseId,00000000,00000000,?,?), ref: 00CE2032
                                                                                                                                                                                • RegQueryValueExW.KERNEL32(00000000,CSDVersion,00000000,00000000,?,?), ref: 00CE2084
                                                                                                                                                                                • GetModuleHandleW.KERNEL32(kernel32,IsWow64Process), ref: 00CE2118
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 00CE211F
                                                                                                                                                                                • __Init_thread_footer.LIBCMT ref: 00CE2133
                                                                                                                                                                                • GetCurrentProcess.KERNEL32(?), ref: 00CE2156
                                                                                                                                                                                • IsWow64Process.KERNEL32(00000000), ref: 00CE215D
                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 00CE2197
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: QueryValue$Process$AddressCloseCurrentHandleInit_thread_footerModuleOpenProcWow64
                                                                                                                                                                                • String ID: $($CSDVersion$CurrentBuildNumber$CurrentMajorVersionNumber$CurrentMinorVersionNumber$CurrentVersion$IsWow64Process$ReleaseId$Software\Microsoft\Windows NT\CurrentVersion$kernel32
                                                                                                                                                                                • API String ID: 1906320730-1460865504
                                                                                                                                                                                • Opcode ID: 680f046bbb84479be292d18c5bd46dfaf6279a80115096375c82564d3d0e068b
                                                                                                                                                                                • Instruction ID: 89c77f2b34bf7d956f2d269bfb6eee9c536f3d834ab93b85a0a9d9076763f5ca
                                                                                                                                                                                • Opcode Fuzzy Hash: 680f046bbb84479be292d18c5bd46dfaf6279a80115096375c82564d3d0e068b
                                                                                                                                                                                • Instruction Fuzzy Hash: B5918EB19013689EEB20CF11CC45F99BBB9FB49710F0041E6E919B7290EB756E98CF50
                                                                                                                                                                                Function 00CE21D0 Relevance: 40.5, APIs: 4, Strings: 19, Instructions: 220registryCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 43 ce21d0-ce2248 RegOpenKeyExW 45 ce224e-ce227f RegQueryValueExW 43->45 46 ce24b2-ce24cb 43->46 49 ce22cf-ce22fa RegQueryValueExW 45->49 50 ce2281-ce2293 call ce7a80 45->50 47 ce24de-ce24f9 call d8fe6a 46->47 48 ce24cd-ce24d4 RegCloseKey 46->48 48->47 49->46 51 ce2300-ce2311 49->51 59 ce22a4-ce22bb call ce7a80 50->59 60 ce2295-ce22a2 50->60 54 ce231d-ce231f 51->54 55 ce2313-ce231b 51->55 54->46 58 ce2325-ce232c 54->58 55->54 55->55 61 ce2330-ce233e call ce7a80 58->61 67 ce22bd 59->67 68 ce22c2-ce22c8 59->68 62 ce22ca 60->62 69 ce2349-ce2357 call ce7a80 61->69 70 ce2340-ce2344 61->70 62->49 67->68 68->62 75 ce2359-ce235d 69->75 76 ce2362-ce2370 call ce7a80 69->76 71 ce2484 70->71 74 ce248b-ce2498 71->74 77 ce24aa-ce24ac 74->77 78 ce249a 74->78 75->71 82 ce237b-ce2389 call ce7a80 76->82 83 ce2372-ce2376 76->83 77->46 77->61 79 ce24a0-ce24a8 78->79 79->77 79->79 86 ce238b-ce238f 82->86 87 ce2394-ce23a2 call ce7a80 82->87 83->71 86->71 90 ce23ad-ce23bb call ce7a80 87->90 91 ce23a4-ce23a8 87->91 94 ce23bd-ce23c1 90->94 95 ce23c6-ce23d4 call ce7a80 90->95 91->71 94->71 98 ce23df-ce23ed call ce7a80 95->98 99 ce23d6-ce23da 95->99 102 ce23ef-ce23f4 98->102 103 ce23f9-ce2407 call ce7a80 98->103 99->71 104 ce2481 102->104 107 ce2409-ce240e 103->107 108 ce2410-ce241e call ce7a80 103->108 104->71 107->104 111 ce2427-ce2435 call ce7a80 108->111 112 ce2420-ce2425 108->112 115 ce243e-ce244c call ce7a80 111->115 116 ce2437-ce243c 111->116 112->104 119 ce244e-ce2453 115->119 120 ce2455-ce2463 call ce7a80 115->120 116->104 119->104 123 ce246c-ce247a call ce7a80 120->123 124 ce2465-ce246a 120->124 123->74 127 ce247c 123->127 124->104 127->104
                                                                                                                                                                                APIs
                                                                                                                                                                                • RegOpenKeyExW.KERNEL32(80000002,SYSTEM\CurrentControlSet\Control\ProductOptions,00000000,00020119,00000000), ref: 00CE2240
                                                                                                                                                                                • RegQueryValueExW.KERNEL32(00000000,ProductType,00000000,00000000,?), ref: 00CE227B
                                                                                                                                                                                • RegQueryValueExW.KERNEL32(00000000,ProductSuite,00000000,00000000,?,?), ref: 00CE22F6
                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 00CE24CE
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: QueryValue$CloseOpen
                                                                                                                                                                                • String ID: BackOffice$Blade$CommunicationServer$Compute Server$DataCenter$Embedded(Restricted)$EmbeddedNT$Enterprise$Personal$ProductSuite$ProductType$SYSTEM\CurrentControlSet\Control\ProductOptions$Security Appliance$ServerNT$Small Business$Small Business(Restricted)$Storage Server$Terminal Server$WinNT
                                                                                                                                                                                • API String ID: 1586453840-3149529848
                                                                                                                                                                                • Opcode ID: 02f714e48c1b998e9fc1e96d498eaf1716cec8ac6a950502c9e8c576b3728e71
                                                                                                                                                                                • Instruction ID: 70c98a4caa58071d508d6adc150c75450455c98f5eaabe6ab1c02d2dc508b6b6
                                                                                                                                                                                • Opcode Fuzzy Hash: 02f714e48c1b998e9fc1e96d498eaf1716cec8ac6a950502c9e8c576b3728e71
                                                                                                                                                                                • Instruction Fuzzy Hash: 237124717003888AEB249B23CC497AF76ACEB94744F102575EA17BB2D1EB38DE45DB40
                                                                                                                                                                                Function 00CDE790 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 117memoryCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                APIs
                                                                                                                                                                                • GetCurrentProcess.KERNEL32 ref: 00CDE7D8
                                                                                                                                                                                • OpenProcessToken.ADVAPI32(00000000,00000008,00000000), ref: 00CDE7E5
                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00CDE7EF
                                                                                                                                                                                • GetTokenInformation.KERNELBASE(00000000,00000001(TokenIntegrityLevel),00000000,00000000,?), ref: 00CDE819
                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00CDE81F
                                                                                                                                                                                • GetTokenInformation.KERNELBASE(00000000,00000001(TokenIntegrityLevel),?,?,?,?), ref: 00CDE845
                                                                                                                                                                                • AllocateAndInitializeSid.ADVAPI32(00000000,00000001,00000012,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00CDE878
                                                                                                                                                                                • EqualSid.ADVAPI32(00000000,?), ref: 00CDE887
                                                                                                                                                                                • FreeSid.ADVAPI32(?), ref: 00CDE896
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00CDE8D0
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Token$ErrorInformationLastProcess$AllocateCloseCurrentEqualFreeHandleInitializeOpen
                                                                                                                                                                                • String ID: <3
                                                                                                                                                                                • API String ID: 695978879-878583566
                                                                                                                                                                                • Opcode ID: 1ceaa2c3da7e459a60a0f4fa7a753fe1a69fe27bf02eef96cea1d5cba2a7fe9f
                                                                                                                                                                                • Instruction ID: 2a38088d67f33d1ad5c908c6069752ee75130bc7cbd71bcf935f545df8ec7d94
                                                                                                                                                                                • Opcode Fuzzy Hash: 1ceaa2c3da7e459a60a0f4fa7a753fe1a69fe27bf02eef96cea1d5cba2a7fe9f
                                                                                                                                                                                • Instruction Fuzzy Hash: CF414871900219AFEF10DFA5CD49BEEBBB9FF09310F104019E521B6290DB799A08DBA4
                                                                                                                                                                                Function 00DAA1EC Relevance: 4.7, APIs: 3, Instructions: 202COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 192 daa1ec-daa205 193 daa21b-daa220 192->193 194 daa207-daa217 call da54a8 192->194 196 daa22f-daa255 call daf3b0 193->196 197 daa222-daa22c 193->197 194->193 200 daa219 194->200 202 daa25b-daa266 196->202 203 daa3c8-daa3d9 call d8fe6a 196->203 197->196 200->193 205 daa3bb 202->205 206 daa26c-daa271 202->206 209 daa3bd 205->209 207 daa273-daa27c call d90c90 206->207 208 daa286-daa291 call da8247 206->208 217 daa27e-daa284 207->217 218 daa29c-daa2a0 207->218 208->218 219 daa293 208->219 213 daa3bf-daa3c6 call d8f56a 209->213 213->203 221 daa299 217->221 218->209 222 daa2a6-daa2bd call daf3b0 218->222 219->221 221->218 222->209 225 daa2c3-daa2d5 call da9f58 222->225 227 daa2da-daa2de 225->227 228 daa2f9-daa2fb 227->228 229 daa2e0-daa2e8 227->229 228->209 230 daa2ea-daa2ef 229->230 231 daa322-daa32e 229->231 232 daa3a1-daa3a3 230->232 233 daa2f5-daa2f7 230->233 234 daa3ad 231->234 235 daa330-daa332 231->235 232->213 233->228 237 daa300-daa31a call da9f58 233->237 236 daa3af-daa3b6 call d8f56a 234->236 238 daa347-daa352 call da8247 235->238 239 daa334-daa33d call d90c90 235->239 236->228 237->232 249 daa320 237->249 238->236 248 daa354 238->248 239->236 250 daa33f-daa345 239->250 251 daa35a-daa35f 248->251 249->228 250->251 251->236 252 daa361-daa379 call da9f58 251->252 252->236 255 daa37b-daa382 252->255 256 daa384-daa385 255->256 257 daa3a5-daa3ab 255->257 258 daa386-daa398 call daf42c 256->258 257->258 258->236 261 daa39a-daa3a0 call d8f56a 258->261 261->232
                                                                                                                                                                                APIs
                                                                                                                                                                                • __freea.LIBCMT ref: 00DAA39B
                                                                                                                                                                                  • Part of subcall function 00DA8247: RtlAllocateHeap.NTDLL(00000000,00000001,00000009,?,00D9153C,0000000B,00000009,00000009,?,?,00BCFEBC,0000000D,0000000D), ref: 00DA8279
                                                                                                                                                                                • __freea.LIBCMT ref: 00DAA3B0
                                                                                                                                                                                • __freea.LIBCMT ref: 00DAA3C0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: __freea$AllocateHeap
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2243444508-0
                                                                                                                                                                                • Opcode ID: a97f4aa2cfca0188bcc25764c7e9a12ee40812d72323f8aa69a1a3dea8471c0d
                                                                                                                                                                                • Instruction ID: 6b0624c201cee0de6b4ab137e4dfc472e3fceb9fc741f236ff25efa4349fd12f
                                                                                                                                                                                • Opcode Fuzzy Hash: a97f4aa2cfca0188bcc25764c7e9a12ee40812d72323f8aa69a1a3dea8471c0d
                                                                                                                                                                                • Instruction Fuzzy Hash: 65518D72600216AFEF21AFA89C81EAF77A9EF46750B190629FD08D6150E732CC10C672
                                                                                                                                                                                Function 00D9B563 Relevance: 4.5, APIs: 3, Instructions: 15COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                APIs
                                                                                                                                                                                • GetCurrentProcess.KERNEL32(?,?,00D9B55D,00000016,00D950F2,?,?,E252F71D,00D950F2,?), ref: 00D9B574
                                                                                                                                                                                • TerminateProcess.KERNEL32(00000000,?,00D9B55D,00000016,00D950F2,?,?,E252F71D,00D950F2,?), ref: 00D9B57B
                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 00D9B58D
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1703294689-0
                                                                                                                                                                                • Opcode ID: 7ec442a659d628989783be3e6a583018d7ae6e7f2c865bd4967da8b62f165024
                                                                                                                                                                                • Instruction ID: 7205f077c3948d9ed39f155e4d5c6a65cf5f945fb0f852bcf147242b033af927
                                                                                                                                                                                • Opcode Fuzzy Hash: 7ec442a659d628989783be3e6a583018d7ae6e7f2c865bd4967da8b62f165024
                                                                                                                                                                                • Instruction Fuzzy Hash: 80D09E31000548AFCF812FA2EE0D9DD3F26EF44361B468111F90555031DF759996DB60
                                                                                                                                                                                Function 00DAFF9D Relevance: 3.2, APIs: 2, Instructions: 177COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 271 daff9d-daffc5 call dafaca 274 daffcb-daffd1 271->274 275 db018d-db018e call dafb3b 271->275 277 daffd4-daffda 274->277 278 db0193-db0195 275->278 279 db00dc-db00fb call d921f0 277->279 280 daffe0-daffec 277->280 282 db0196-db01a4 call d8fe6a 278->282 288 db00fe-db0103 279->288 280->277 283 daffee-dafff4 280->283 286 dafffa-db0006 IsValidCodePage 283->286 287 db00d4-db00d7 283->287 286->287 290 db000c-db0013 286->290 287->282 291 db0140-db014a 288->291 292 db0105-db010a 288->292 293 db003b-db0048 GetCPInfo 290->293 294 db0015-db0021 290->294 291->288 299 db014c-db0176 call dafa8c 291->299 297 db013d 292->297 298 db010c-db0114 292->298 295 db004a-db0069 call d921f0 293->295 296 db00c8-db00ce 293->296 300 db0025-db0031 call dafb9e 294->300 295->300 311 db006b-db0072 295->311 296->275 296->287 297->291 302 db0116-db0119 298->302 303 db0135-db013b 298->303 310 db0177-db0186 299->310 307 db0036 300->307 309 db011b-db0121 302->309 303->292 303->297 307->278 309->303 312 db0123-db0133 309->312 310->310 313 db0188 310->313 314 db009e-db00a1 311->314 315 db0074-db0079 311->315 312->303 312->309 313->275 317 db00a6-db00ad 314->317 315->314 316 db007b-db0083 315->316 318 db0096-db009c 316->318 319 db0085-db008c 316->319 317->317 320 db00af-db00c3 call dafa8c 317->320 318->314 318->315 321 db008d-db0094 319->321 320->300 321->318 321->321
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00DAFACA: GetOEMCP.KERNEL32(00000000,?,?,00000016,?), ref: 00DAFAF5
                                                                                                                                                                                • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,?,?,?,?,00DAFDE1,?,00000000,?,00000016,?), ref: 00DAFFFE
                                                                                                                                                                                • GetCPInfo.KERNEL32(00000000,?,?,?,?,?,?,?,?,00DAFDE1,?,00000000,?,00000016,?), ref: 00DB0040
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CodeInfoPageValid
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 546120528-0
                                                                                                                                                                                • Opcode ID: b435950463acd8e17301bf28fede47597ef2911d0c7106ae30d90a0c635b3295
                                                                                                                                                                                • Instruction ID: 8366780b2c21f3256732ea06f2d91c98cc1fb59e9f1df5df7528635250655002
                                                                                                                                                                                • Opcode Fuzzy Hash: b435950463acd8e17301bf28fede47597ef2911d0c7106ae30d90a0c635b3295
                                                                                                                                                                                • Instruction Fuzzy Hash: CF510F70A003449EDB25DF7AC880BEBBFF4EF85300F18816AD08787251E6749946CBB0
                                                                                                                                                                                Function 00DA9F58 Relevance: 3.0, APIs: 2, Instructions: 34COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 324 da9f58-da9f67 call da99ae 327 da9f69-da9f8e LCMapStringEx 324->327 328 da9f90-da9faa call da9fb5 LCMapStringW 324->328 332 da9fb0-da9fb2 327->332 328->332
                                                                                                                                                                                APIs
                                                                                                                                                                                • LCMapStringEx.KERNEL32(?,00DAA2DA,?,?,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00DA9F8C
                                                                                                                                                                                • LCMapStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,?,?,00DAA2DA,?,?,00000000,?,00000000), ref: 00DA9FAA
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: String
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2568140703-0
                                                                                                                                                                                • Opcode ID: 45c0cad590344142bdd151b6e5371f9296ac83b8393a77276706aa554ae2e944
                                                                                                                                                                                • Instruction ID: d6fc79d7e12c8511efa53bc2b79fef075367473bacad2aef825b4da5cde79402
                                                                                                                                                                                • Opcode Fuzzy Hash: 45c0cad590344142bdd151b6e5371f9296ac83b8393a77276706aa554ae2e944
                                                                                                                                                                                • Instruction Fuzzy Hash: F3F0683240411ABFCF125F91DC159DEBE66EF49360B098110BA1865030CA36D872EBA4
                                                                                                                                                                                Function 00DAFB9E Relevance: 1.6, APIs: 1, Instructions: 147COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 333 dafb9e-dafbc0 334 dafcd9-dafcff 333->334 335 dafbc6-dafbd8 GetCPInfo 333->335 336 dafd04-dafd09 334->336 335->334 337 dafbde-dafbe5 335->337 338 dafd0b-dafd11 336->338 339 dafd13-dafd19 336->339 340 dafbe7-dafbf1 337->340 341 dafd21-dafd23 338->341 342 dafd1b-dafd1e 339->342 343 dafd25 339->343 340->340 344 dafbf3-dafc06 340->344 345 dafd27-dafd39 341->345 342->341 343->345 346 dafc27-dafc29 344->346 345->336 349 dafd3b-dafd49 call d8fe6a 345->349 347 dafc2b-dafc62 call dacc3f call daa3da 346->347 348 dafc08-dafc0f 346->348 359 dafc67-dafc9c call daa3da 347->359 352 dafc1e-dafc20 348->352 353 dafc22-dafc25 352->353 354 dafc11-dafc13 352->354 353->346 354->353 357 dafc15-dafc1d 354->357 357->352 362 dafc9e-dafca8 359->362 363 dafcaa-dafcb4 362->363 364 dafcb6-dafcb8 362->364 365 dafcc8-dafcd5 363->365 366 dafcba-dafcc4 364->366 367 dafcc6 364->367 365->362 368 dafcd7 365->368 366->365 367->365 368->349
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetCPInfo.KERNEL32(E8458D00,?,00DAFDED,00DAFDE1,00000000), ref: 00DAFBD0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Info
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1807457897-0
                                                                                                                                                                                • Opcode ID: 2853230fcdc8a62c610f48c7ebd8d54877676b3711398d8c968717ed27be0183
                                                                                                                                                                                • Instruction ID: 359228557c3fe120301f8bba557bbeb35e69a591496a85cb89c1bc0f7b529638
                                                                                                                                                                                • Opcode Fuzzy Hash: 2853230fcdc8a62c610f48c7ebd8d54877676b3711398d8c968717ed27be0183
                                                                                                                                                                                • Instruction Fuzzy Hash: 2E5169B190425C9ADF228B69CDC0AE67BB8EB57314F2405FDE49AC7182C335AD46DB30
                                                                                                                                                                                Function 00DAA183 Relevance: 1.5, APIs: 1, Instructions: 44memoryCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 369 daa183-daa18e 370 daa19b-daa1a1 369->370 371 daa190-daa199 call da8247 369->371 373 daa1ac-daa1af 370->373 374 daa1a3-daa1aa call da820d 370->374 379 daa1bf-daa1c1 371->379 377 daa1b1-daa1b6 call d9540f 373->377 378 daa1d6-daa1e8 RtlReAllocateHeap 373->378 385 daa1bc 374->385 377->385 380 daa1ea 378->380 381 daa1c2-daa1c9 call da79bb 378->381 384 daa1be 380->384 381->377 389 daa1cb-daa1d4 call da54d3 381->389 384->379 385->384 389->377 389->378
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00DA8247: RtlAllocateHeap.NTDLL(00000000,00000001,00000009,?,00D9153C,0000000B,00000009,00000009,?,?,00BCFEBC,0000000D,0000000D), ref: 00DA8279
                                                                                                                                                                                • RtlReAllocateHeap.NTDLL(00000000,00000000,00BC88A0,00DA5FF3,00000000,?,00D99D85,00000000,00DA5FF3,FFFFFFFF,?,?,?,00DA5DED,?,FFFFFFFF), ref: 00DAA1E0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                                                                • Opcode ID: 66b2f4c62bcc4bf81b31bda6609f97ff44a3c128fe6f987a1094bfe64bedb7a6
                                                                                                                                                                                • Instruction ID: 78efb4ba9457d0b55513a3c494c43775ab5e43cc8e3d76674ce2c4db629e4295
                                                                                                                                                                                • Opcode Fuzzy Hash: 66b2f4c62bcc4bf81b31bda6609f97ff44a3c128fe6f987a1094bfe64bedb7a6
                                                                                                                                                                                • Instruction Fuzzy Hash: 03F062322017157ADB223A2AAC00F6B3759DF83770F29422AFC28A6190DF20D841D5B2
                                                                                                                                                                                Function 00CC2170 Relevance: 1.5, APIs: 1, Instructions: 40COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 392 cc2170-cc21a5 393 cc21ea-cc2208 392->393 394 cc21a7-cc21bb call d90372 392->394 394->393 397 cc21bd-cc21c4 call cc2280 394->397 399 cc21c9-cc21e7 call d9022a call d90328 397->399 399->393
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00D90372: EnterCriticalSection.KERNEL32(00EA7DCC,?,?,?,00BCAC36,00EA89FC,E252F71D,?,?,00DB84ED,000000FF,?,00BC1177,E252F71D,?,00DBA6EF), ref: 00D9037D
                                                                                                                                                                                  • Part of subcall function 00D90372: LeaveCriticalSection.KERNEL32(00EA7DCC,?,?,?,00BCAC36,00EA89FC,E252F71D,?,?,00DB84ED,000000FF,?,00BC1177,E252F71D,?,00DBA6EF), ref: 00D903BA
                                                                                                                                                                                • __Init_thread_footer.LIBCMT ref: 00CC21E2
                                                                                                                                                                                  • Part of subcall function 00D90328: EnterCriticalSection.KERNEL32(00EA7DCC,?,?,00BCACA7,00EA89FC,00E15FA0), ref: 00D90332
                                                                                                                                                                                  • Part of subcall function 00D90328: LeaveCriticalSection.KERNEL32(00EA7DCC,?,?,00BCACA7,00EA89FC,00E15FA0), ref: 00D90365
                                                                                                                                                                                  • Part of subcall function 00D90328: RtlWakeAllConditionVariable.NTDLL ref: 00D903DC
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2296764815-0
                                                                                                                                                                                • Opcode ID: 3bba610a05bba1b0f5f4ab867743a4e95c4619d3a087508358952c3a296ea1e0
                                                                                                                                                                                • Instruction ID: 71a7d5aa1b9d04b3f5a66e3268b8b852d8b9a0db120b5e2831bfce09232fdf11
                                                                                                                                                                                • Opcode Fuzzy Hash: 3bba610a05bba1b0f5f4ab867743a4e95c4619d3a087508358952c3a296ea1e0
                                                                                                                                                                                • Instruction Fuzzy Hash: E10184B1904704DFDB14DB58EC4AB1877A0E70E720F11433EF526A77D0D735BA048A21
                                                                                                                                                                                Function 00DA97AF Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 416 da97af-da97ba 417 da97c8-da97ce 416->417 418 da97bc-da97c6 416->418 420 da97d0-da97d1 417->420 421 da97e7-da97f8 RtlAllocateHeap 417->421 418->417 419 da97fc-da9807 call d9540f 418->419 426 da9809-da980b 419->426 420->421 422 da97fa 421->422 423 da97d3-da97da call da79bb 421->423 422->426 423->419 429 da97dc-da97e5 call da54d3 423->429 429->419 429->421
                                                                                                                                                                                APIs
                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000008,0000000D,00000001,?,00DA8004,00000001,00000364,00000001,00000002,000000FF,?,00D9153C,0000000B,00000009,00000009), ref: 00DA97F0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                                                                • Opcode ID: 4a1124c5e39bd5ee126cd70e7ba09b5dfb2f14c31daec9a66b2f31f4e0e00792
                                                                                                                                                                                • Instruction ID: caa62716d32657bb1f37cd455ee9cf6f81a4e707b450328bf2baaa042069fb91
                                                                                                                                                                                • Opcode Fuzzy Hash: 4a1124c5e39bd5ee126cd70e7ba09b5dfb2f14c31daec9a66b2f31f4e0e00792
                                                                                                                                                                                • Instruction Fuzzy Hash: 17F0893251552567DF216E269C55B5BBB49DF47760B1C8121EC05A71D4CE60DC0586F0
                                                                                                                                                                                Function 00CE1DA0 Relevance: 1.5, APIs: 1, Instructions: 39COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 404 ce1da0-ce1dd5 405 ce1e1e-ce1e31 404->405 406 ce1dd7-ce1deb call d90372 404->406 406->405 409 ce1ded-ce1e05 call ce1ac0 call ce1e40 406->409 413 ce1e0a-ce1e1b call d90328 409->413 413->405
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00D90372: EnterCriticalSection.KERNEL32(00EA7DCC,?,?,?,00BCAC36,00EA89FC,E252F71D,?,?,00DB84ED,000000FF,?,00BC1177,E252F71D,?,00DBA6EF), ref: 00D9037D
                                                                                                                                                                                  • Part of subcall function 00D90372: LeaveCriticalSection.KERNEL32(00EA7DCC,?,?,?,00BCAC36,00EA89FC,E252F71D,?,?,00DB84ED,000000FF,?,00BC1177,E252F71D,?,00DBA6EF), ref: 00D903BA
                                                                                                                                                                                  • Part of subcall function 00CE1E40: RegOpenKeyExW.KERNEL32(80000002,Software\Microsoft\Windows NT\CurrentVersion,00000000,00020119,00000000), ref: 00CE1EAE
                                                                                                                                                                                  • Part of subcall function 00CE1E40: RegQueryValueExW.KERNEL32(00000000,CurrentMajorVersionNumber,00000000,00000000,?,?), ref: 00CE1EF5
                                                                                                                                                                                  • Part of subcall function 00CE1E40: RegQueryValueExW.KERNEL32(00000000,CurrentMinorVersionNumber,00000000,00000000,?,00000004), ref: 00CE1F14
                                                                                                                                                                                  • Part of subcall function 00CE1E40: RegQueryValueExW.ADVAPI32(00000000,CurrentVersion,00000000,00000000,?,?), ref: 00CE1F43
                                                                                                                                                                                  • Part of subcall function 00CE1E40: RegQueryValueExW.KERNEL32(00000000,CurrentBuildNumber,00000000,00000000,?,?), ref: 00CE1FB8
                                                                                                                                                                                • __Init_thread_footer.LIBCMT ref: 00CE1E16
                                                                                                                                                                                  • Part of subcall function 00D90328: EnterCriticalSection.KERNEL32(00EA7DCC,?,?,00BCACA7,00EA89FC,00E15FA0), ref: 00D90332
                                                                                                                                                                                  • Part of subcall function 00D90328: LeaveCriticalSection.KERNEL32(00EA7DCC,?,?,00BCACA7,00EA89FC,00E15FA0), ref: 00D90365
                                                                                                                                                                                  • Part of subcall function 00D90328: RtlWakeAllConditionVariable.NTDLL ref: 00D903DC
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalQuerySectionValue$EnterLeave$ConditionInit_thread_footerOpenVariableWake
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3563064969-0
                                                                                                                                                                                • Opcode ID: 987ee92e3badd904b3b84550987d64fdf46b29354014d7bd299e22e8b850ed05
                                                                                                                                                                                • Instruction ID: 9c305f3693e25117be35bdaacdc0527ed07ae8920f97e24e7dfb2532562e3d05
                                                                                                                                                                                • Opcode Fuzzy Hash: 987ee92e3badd904b3b84550987d64fdf46b29354014d7bd299e22e8b850ed05
                                                                                                                                                                                • Instruction Fuzzy Hash: F201F771B406449FC720DB59D91AB1973A4F70AB30F100739FD22AB3C1D7307A108671
                                                                                                                                                                                Function 00BCA850 Relevance: 1.5, APIs: 1, Instructions: 34memoryCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 432 bca850-bca8ae call bca840 call d91bfa RtlAllocateHeap
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00D91BFA: RaiseException.KERNEL32(E06D7363,00000001,00000003,00000009,?,00000009,?,00D8D941,00000009,00E9E49C,00000000,00000009), ref: 00D91C5A
                                                                                                                                                                                • RtlAllocateHeap.NTDLL(?,00000000,?,E252F71D,00000000,00DB7F70,000000FF,?,?,00E9F01C,?,00BC11E6,80004005,E252F71D,?,00DBA6EF), ref: 00BCA89A
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AllocateExceptionHeapRaise
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3789339297-0
                                                                                                                                                                                • Opcode ID: 31e1237f5034df57948752c51d90e8bc396329bd703aef78303e44b1c6e7ee4b
                                                                                                                                                                                • Instruction ID: 94f37a0fe39c950a4bbfabc284804a968257df2769b25cce82a9cd8802ee1335
                                                                                                                                                                                • Opcode Fuzzy Hash: 31e1237f5034df57948752c51d90e8bc396329bd703aef78303e44b1c6e7ee4b
                                                                                                                                                                                • Instruction Fuzzy Hash: DDF0E231604248FFCB04CF10DC01F96BBA9FB08B04F008529FA0592690DB36A8008A54
                                                                                                                                                                                Function 00DA8247 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 437 da8247-da8253 438 da8285-da8290 call d9540f 437->438 439 da8255-da8257 437->439 446 da8292-da8294 438->446 440 da8259-da825a 439->440 441 da8270-da8281 RtlAllocateHeap 439->441 440->441 443 da825c-da8263 call da79bb 441->443 444 da8283 441->444 443->438 449 da8265-da826e call da54d3 443->449 444->446 449->438 449->441
                                                                                                                                                                                APIs
                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000000,00000001,00000009,?,00D9153C,0000000B,00000009,00000009,?,?,00BCFEBC,0000000D,0000000D), ref: 00DA8279
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                                                                • Opcode ID: 69b83f565929edef180baa1edeb010d3f9c43651d527d74c663a080ebb0cde5b
                                                                                                                                                                                • Instruction ID: a7f314243d43f5272372e9f42cea6d89981922ab6660d1e990a7a991f1eafde0
                                                                                                                                                                                • Opcode Fuzzy Hash: 69b83f565929edef180baa1edeb010d3f9c43651d527d74c663a080ebb0cde5b
                                                                                                                                                                                • Instruction Fuzzy Hash: 21E09B31545E205BDF212B66AD04BBF3649DF873A0F1D4121EC55960D0DF50DC0466F9
                                                                                                                                                                                Function 00DA5F5B Relevance: 1.5, APIs: 1, Instructions: 20COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: H_prolog3
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 431132790-0
                                                                                                                                                                                • Opcode ID: feff77aedb54a04cc4fa93b31517ef094c2cd9a118d6f43658f067a5eb909b3d
                                                                                                                                                                                • Instruction ID: 3d4140f6a9f3aba42f7b985ea5e6636a482a51dcc829fd63275195e46772b241
                                                                                                                                                                                • Opcode Fuzzy Hash: feff77aedb54a04cc4fa93b31517ef094c2cd9a118d6f43658f067a5eb909b3d
                                                                                                                                                                                • Instruction Fuzzy Hash: 2BE07576C0060EAEDF00DFD4D552AEEBBB8EB08310F504126A205E7141EA7497858FB1

                                                                                                                                                                                Non-executed Functions

                                                                                                                                                                                Function 00BD5580 Relevance: 12.4, APIs: 8, Instructions: 389nativememoryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00BD5A10: EnterCriticalSection.KERNEL32(00EAE7BC,E252F71D,00000002,00000000,00DBB23D,000000FF,?,00BD4987,00000002,00000000,E252F71D), ref: 00BD5A4D
                                                                                                                                                                                  • Part of subcall function 00BD5A10: LoadCursorW.USER32(00000000,00007F00), ref: 00BD5AC8
                                                                                                                                                                                  • Part of subcall function 00BD5A10: LoadCursorW.USER32(00000000,00007F00), ref: 00BD5B6E
                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 00BD5623
                                                                                                                                                                                • NtdllDefWindowProc_W.NTDLL(?,?,00000001,?), ref: 00BD5754
                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00BD5836
                                                                                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 00BD5844
                                                                                                                                                                                • GlobalUnlock.KERNEL32(?), ref: 00BD5898
                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 00BD593C
                                                                                                                                                                                • NtdllDefWindowProc_W.NTDLL(?,?,?,00000000), ref: 00BD5983
                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 00BD59A2
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FreeGlobalString$CursorLoadNtdllProc_Window$AllocCriticalEnterLockSectionUnlock
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 306625881-0
                                                                                                                                                                                • Opcode ID: e59cf19b45e50cf46c049e11937360752d118cc56271bf95067f689e2dfd8729
                                                                                                                                                                                • Instruction ID: 2bc7be7b68b8377e33a4bee09018c8485f0768556c4d6f482aafb7ed4219e8ba
                                                                                                                                                                                • Opcode Fuzzy Hash: e59cf19b45e50cf46c049e11937360752d118cc56271bf95067f689e2dfd8729
                                                                                                                                                                                • Instruction Fuzzy Hash: 99D1A171900609EFDB21DFA5CC48BAEBBF8EF49310F144199E911A7391E7799D04CBA1
                                                                                                                                                                                Function 00D8F9A7 Relevance: 9.0, APIs: 6, Instructions: 41memoryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • IsProcessorFeaturePresent.KERNEL32(0000000C,00D8F8C3,00000000,?,00D8FA5B,00000000,?,?,00BD7074,?), ref: 00D8F9A9
                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,00000008,00000000,00000000,?,?,00BD7074,?), ref: 00D8F9D0
                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,?,00BD7074,?), ref: 00D8F9D7
                                                                                                                                                                                • InitializeSListHead.KERNEL32(00000000,?,?,00BD7074,?), ref: 00D8F9E4
                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,?,00BD7074,?), ref: 00D8F9F9
                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,?,00BD7074,?), ref: 00D8FA00
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Heap$Process$AllocFeatureFreeHeadInitializeListPresentProcessor
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1475849761-0
                                                                                                                                                                                • Opcode ID: 84c30a9521fe740d7e2af317c0c147a7292cb8209228eb34005d2d9d94289de9
                                                                                                                                                                                • Instruction ID: d41b2834f7c85935eada6cefe90a93d336aa58abcdd4466ea7e1774621b305e2
                                                                                                                                                                                • Opcode Fuzzy Hash: 84c30a9521fe740d7e2af317c0c147a7292cb8209228eb34005d2d9d94289de9
                                                                                                                                                                                • Instruction Fuzzy Hash: 52F0AF316006019FE721EF3AAD08B5637E9EF9DB22F054428E986E3260DF70D4088B60
                                                                                                                                                                                Function 00BD4EB7 Relevance: 7.9, APIs: 5, Instructions: 384COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 8fdf0bfc66d43262edfa5f6960009cc75be96a2aa4cf48eddf1465ee0210d7c3
                                                                                                                                                                                • Instruction ID: 1e481ce029f715160f5839a054cf04fbd2f90c5a5c2480f896ae49b4cc9bf9bb
                                                                                                                                                                                • Opcode Fuzzy Hash: 8fdf0bfc66d43262edfa5f6960009cc75be96a2aa4cf48eddf1465ee0210d7c3
                                                                                                                                                                                • Instruction Fuzzy Hash: 42D1D171A016069FDB20DF68DC48BAEFBE8EF45310F1401AAE915A7391EB35DD04CBA1
                                                                                                                                                                                Function 00CBC450 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 367COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • MulDiv.KERNEL32(?,00000000), ref: 00CBC77A
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: NumberValidationTipMsg$NumberValidationTipTitle$Segoe UI
                                                                                                                                                                                • API String ID: 0-2319862951
                                                                                                                                                                                • Opcode ID: 7a97778d5a37288eff8e9b9cf7457689f4a49a2984bd87d699ac35608dec9651
                                                                                                                                                                                • Instruction ID: 7d167ec47d9e8db59caf7b0c4e30249c514637c59968bcf1aaa346b5e2a24846
                                                                                                                                                                                • Opcode Fuzzy Hash: 7a97778d5a37288eff8e9b9cf7457689f4a49a2984bd87d699ac35608dec9651
                                                                                                                                                                                • Instruction Fuzzy Hash: 32D1C071A00705AFEB14CF34CC95BEEB7B1EF89300F108699E556A72D1DB746A49CBA0
                                                                                                                                                                                Function 00BFB200 Relevance: 21.4, APIs: 4, Strings: 8, Instructions: 358libraryloaderCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadLibraryExW.KERNEL32(?,00000000,00000000,?,?,00000043), ref: 00BFB328
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,InitializeEmbeddedUI), ref: 00BFB341
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000043,ShutdownEmbeddedUI), ref: 00BFB34D
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000043,EmbeddedUIHandler), ref: 00BFB35A
                                                                                                                                                                                  • Part of subcall function 00BCA850: RtlAllocateHeap.NTDLL(?,00000000,?,E252F71D,00000000,00DB7F70,000000FF,?,?,00E9F01C,?,00BC11E6,80004005,E252F71D,?,00DBA6EF), ref: 00BCA89A
                                                                                                                                                                                  • Part of subcall function 00BCAB90: GetProcessHeap.KERNEL32 ref: 00BCABE5
                                                                                                                                                                                  • Part of subcall function 00BCAB90: __Init_thread_footer.LIBCMT ref: 00BCAC17
                                                                                                                                                                                  • Part of subcall function 00BCAB90: __Init_thread_footer.LIBCMT ref: 00BCACA2
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AddressProc$HeapInit_thread_footer$AllocateLibraryLoadProcess
                                                                                                                                                                                • String ID: build $20.2.1$EmbeddedUIHandler$INAN$InitializeEmbeddedUI$SELECT `Data` FROM `Binary` WHERE `Name` = 'InstallerAnalytics.dll'$ShutdownEmbeddedUI$b066527d
                                                                                                                                                                                • API String ID: 2564778481-3828485712
                                                                                                                                                                                • Opcode ID: 76ecbedea6921251f9a201c0b3bf650e3f88b8f58db79d930445be8ab9916e0d
                                                                                                                                                                                • Instruction ID: 883ae3b91b76c57a0c1d3a2757b2c9f3d79bc96073bee915687dfe40623c2c34
                                                                                                                                                                                • Opcode Fuzzy Hash: 76ecbedea6921251f9a201c0b3bf650e3f88b8f58db79d930445be8ab9916e0d
                                                                                                                                                                                • Instruction Fuzzy Hash: F2D19F719002099FDB04DFA8CD45FAEBBF5FF48314F14466DE915A7291EB74AA08CBA0
                                                                                                                                                                                Function 00BCE620 Relevance: 21.2, APIs: 7, Strings: 5, Instructions: 233libraryloaderCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadLibraryW.KERNEL32(combase.dll,RoGetActivationFactory), ref: 00BCE62E
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,combase.dll), ref: 00BCE634
                                                                                                                                                                                • LoadLibraryW.KERNEL32(combase.dll,CoIncrementMTAUsage,?,?), ref: 00BCE667
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,combase.dll), ref: 00BCE66D
                                                                                                                                                                                • LoadLibraryW.KERNEL32(?,.dll,00000004,-00000001,00000000,00E2329C,00000000,00000000,00000000), ref: 00BCE78D
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,DllGetActivationFactory), ref: 00BCE7D6
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AddressLibraryLoadProc
                                                                                                                                                                                • String ID: .dll$CoIncrementMTAUsage$DllGetActivationFactory$RoGetActivationFactory$combase.dll
                                                                                                                                                                                • API String ID: 2574300362-2454113998
                                                                                                                                                                                • Opcode ID: ad1137c30ab414a392a2453d4d430c4ba78b42b26cf6cdcff2c80302f78f0b86
                                                                                                                                                                                • Instruction ID: 538a1c9758d90f995df0efec1568d268ac3141ec09b86fea0713bc28ad812d03
                                                                                                                                                                                • Opcode Fuzzy Hash: ad1137c30ab414a392a2453d4d430c4ba78b42b26cf6cdcff2c80302f78f0b86
                                                                                                                                                                                • Instruction Fuzzy Hash: 3E916871E10209DFDB14EFA8D895FADBBF1EF58700F2481ADE421A7290DB749A44CB60
                                                                                                                                                                                Function 00BD5A10 Relevance: 19.4, APIs: 4, Strings: 7, Instructions: 119COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • EnterCriticalSection.KERNEL32(00EAE7BC,E252F71D,00000002,00000000,00DBB23D,000000FF,?,00BD4987,00000002,00000000,E252F71D), ref: 00BD5A4D
                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F00), ref: 00BD5AC8
                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F00), ref: 00BD5B6E
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(00EAE7BC), ref: 00BD5BC3
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalCursorLoadSection$EnterLeave
                                                                                                                                                                                • String ID: v$0$AtlAxWin140$AtlAxWinLic140$WM_ATLGETCONTROL$WM_ATLGETHOST$xS
                                                                                                                                                                                • API String ID: 3727441302-1767827779
                                                                                                                                                                                • Opcode ID: a8aa8d4e53b45a67953650ca91338d1d18724f294839a2d7aaf5e23a9733b161
                                                                                                                                                                                • Instruction ID: 8df1910f639867e50876e5178af3914d535dc05ad710ef996e0ea087b3638bca
                                                                                                                                                                                • Opcode Fuzzy Hash: a8aa8d4e53b45a67953650ca91338d1d18724f294839a2d7aaf5e23a9733b161
                                                                                                                                                                                • Instruction Fuzzy Hash: 045103B1D053189FDB11CFA5DD44BAEBFF8BB09314F10015AE454B7390EBB569088BA1
                                                                                                                                                                                Function 00CE0270 Relevance: 14.4, APIs: 7, Strings: 1, Instructions: 414fileCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00BCAB90: GetProcessHeap.KERNEL32 ref: 00BCABE5
                                                                                                                                                                                  • Part of subcall function 00BCAB90: __Init_thread_footer.LIBCMT ref: 00BCAC17
                                                                                                                                                                                  • Part of subcall function 00BCAB90: __Init_thread_footer.LIBCMT ref: 00BCACA2
                                                                                                                                                                                • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,E252F71D,000000D8,?), ref: 00CE03B9
                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00CE072A
                                                                                                                                                                                  • Part of subcall function 00CE0180: LoadStringW.USER32(000000D8,?,00000514,E252F71D), ref: 00CE01D6
                                                                                                                                                                                • ReadFile.KERNEL32(00000000,00000000,00001000,?,00000000,00001000), ref: 00CE042B
                                                                                                                                                                                • ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,00000000), ref: 00CE06CC
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: File$Init_thread_footerRead$CloseCreateHandleHeapLoadProcessString
                                                                                                                                                                                • String ID: <3
                                                                                                                                                                                • API String ID: 1714711150-878583566
                                                                                                                                                                                • Opcode ID: e98998357d3aea03707a0e44bfca587d3c2cc94e7c8e3f71c10ec32f11232b26
                                                                                                                                                                                • Instruction ID: 93545fecd0c2b7b28aca1c8cc0e78357f54c344ec289235c13e611ac48ea2ac1
                                                                                                                                                                                • Opcode Fuzzy Hash: e98998357d3aea03707a0e44bfca587d3c2cc94e7c8e3f71c10ec32f11232b26
                                                                                                                                                                                • Instruction Fuzzy Hash: 35F19071D00348DBDB10CFA9C949BAEBBB5FF45314F30825DE815AB281D7B4AA85CB91
                                                                                                                                                                                Function 00BFBA5C Relevance: 14.4, APIs: 3, Strings: 5, Instructions: 414stringCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: lstrcmpi
                                                                                                                                                                                • String ID: ($Launch failed. Error:$Return code of launched file:$appx$msixbundle
                                                                                                                                                                                • API String ID: 1586166983-1496264694
                                                                                                                                                                                • Opcode ID: 84f3baf8835dcbe11efab03fe2171c80c6b13a0cc7bdfda730fa7fdce68e3233
                                                                                                                                                                                • Instruction ID: 8189e2fc50a600729eda2b9a62a0353093c4e7ffd025cf8db3e388be1886a0e7
                                                                                                                                                                                • Opcode Fuzzy Hash: 84f3baf8835dcbe11efab03fe2171c80c6b13a0cc7bdfda730fa7fdce68e3233
                                                                                                                                                                                • Instruction Fuzzy Hash: 30F18D31D0025CCFDB24CB68C855BADBBF1EF59314F288299D515B7292DB70AA89CF90
                                                                                                                                                                                Function 00BDD0A0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 150fileCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • __Init_thread_footer.LIBCMT ref: 00BDD18F
                                                                                                                                                                                  • Part of subcall function 00D90328: EnterCriticalSection.KERNEL32(00EA7DCC,?,?,00BCACA7,00EA89FC,00E15FA0), ref: 00D90332
                                                                                                                                                                                  • Part of subcall function 00D90328: LeaveCriticalSection.KERNEL32(00EA7DCC,?,?,00BCACA7,00EA89FC,00E15FA0), ref: 00D90365
                                                                                                                                                                                  • Part of subcall function 00D90328: RtlWakeAllConditionVariable.NTDLL ref: 00D903DC
                                                                                                                                                                                • CreateFileW.KERNEL32(00000000,40000000,00000001,00000000,00000002,00000080,00000000,?,E252F71F), ref: 00BDD1E3
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00BDD240
                                                                                                                                                                                  • Part of subcall function 00D90372: EnterCriticalSection.KERNEL32(00EA7DCC,?,?,?,00BCAC36,00EA89FC,E252F71D,?,?,00DB84ED,000000FF,?,00BC1177,E252F71D,?,00DBA6EF), ref: 00D9037D
                                                                                                                                                                                  • Part of subcall function 00D90372: LeaveCriticalSection.KERNEL32(00EA7DCC,?,?,?,00BCAC36,00EA89FC,E252F71D,?,?,00DB84ED,000000FF,?,00BC1177,E252F71D,?,00DBA6EF), ref: 00D903BA
                                                                                                                                                                                • WriteFile.KERNEL32(00000000,?,?,?,00000000,00000000,?), ref: 00BDD2A7
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,00D8D0EC), ref: 00BDD2CD
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalSection$CloseEnterFileHandleLeave$ConditionCreateInit_thread_footerVariableWakeWrite
                                                                                                                                                                                • String ID: <3$aix$html
                                                                                                                                                                                • API String ID: 2030708724-1345216711
                                                                                                                                                                                • Opcode ID: e80f0c06674ac77ce352a51f0cc5fa33e9a41e85ac8664f0b9638eab8f39d14c
                                                                                                                                                                                • Instruction ID: 5c5ad7e3ce8b8c703ba6316c4c591f534f0edde86f5a3787ef940ba2a1e82a31
                                                                                                                                                                                • Opcode Fuzzy Hash: e80f0c06674ac77ce352a51f0cc5fa33e9a41e85ac8664f0b9638eab8f39d14c
                                                                                                                                                                                • Instruction Fuzzy Hash: CF618CB1900348DFEB14CFA5D949B9EBBF4FB49704F10415AE0117B390EBB96A48CBA1
                                                                                                                                                                                Function 00D8F7A5 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 58libraryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • DecodePointer.KERNEL32(?,?,?,00D8FA9C,00EA7D80,?,00000000,?,?,00BD7B64,00000000), ref: 00D8F7B7
                                                                                                                                                                                • LoadLibraryExA.KERNEL32(atlthunk.dll,00000000,00000800,?,?,?,00D8FA9C,00EA7D80,?,00000000,?,?,00BD7B64,00000000), ref: 00D8F7CC
                                                                                                                                                                                • DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00D8F848
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DecodePointer$LibraryLoad
                                                                                                                                                                                • String ID: AtlThunk_AllocateData$AtlThunk_DataToCode$AtlThunk_FreeData$AtlThunk_InitData$atlthunk.dll
                                                                                                                                                                                • API String ID: 1423960858-1745123996
                                                                                                                                                                                • Opcode ID: a38d04e9916244bf0d9415de1535eaca3ef1234cfb3bc6593dde42da930904c4
                                                                                                                                                                                • Instruction ID: f52e57471fb9b05a6a5f2bc7fac907ceb944950a2690aa5aa065e56e73327b26
                                                                                                                                                                                • Opcode Fuzzy Hash: a38d04e9916244bf0d9415de1535eaca3ef1234cfb3bc6593dde42da930904c4
                                                                                                                                                                                • Instruction Fuzzy Hash: 1E018871644701ABDB11BB109D02BDD7BA44F0BB48F080074BC857A2D2D761A54983F5
                                                                                                                                                                                Function 00BFBBDD Relevance: 12.6, APIs: 3, Strings: 4, Instructions: 351stringthreadCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • lstrcmpiW.KERNEL32(?,?), ref: 00BFBC6E
                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 00BFBE2B
                                                                                                                                                                                • std::_Throw_Cpp_error.LIBCPMT ref: 00BFC1EF
                                                                                                                                                                                • std::_Throw_Cpp_error.LIBCPMT ref: 00BFC1F6
                                                                                                                                                                                • std::_Throw_Cpp_error.LIBCPMT ref: 00BFC1FD
                                                                                                                                                                                • std::_Throw_Cpp_error.LIBCPMT ref: 00BFC213
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Cpp_errorThrow_std::_$CurrentThreadlstrcmpi
                                                                                                                                                                                • String ID: ($Launch failed. Error:$Return code of launched file:$appx
                                                                                                                                                                                • API String ID: 4289525664-3388997937
                                                                                                                                                                                • Opcode ID: cbaf4e871a361a600f4bce81b89552325e6567aac3070974c1322df83da442e7
                                                                                                                                                                                • Instruction ID: 0a94e781a01214308139d29f881910ace234010743233395c5e5e0aa5bcd094f
                                                                                                                                                                                • Opcode Fuzzy Hash: cbaf4e871a361a600f4bce81b89552325e6567aac3070974c1322df83da442e7
                                                                                                                                                                                • Instruction Fuzzy Hash: 13E1AC31D0025CCFDB24CBB8C855BADBBB1EF49314F248298E515A7292DB70AE89CF50
                                                                                                                                                                                Function 00CDA1C0 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 249registrylibraryloaderCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetModuleHandleW.KERNEL32(Advapi32.dll,E252F71D,E252F71D,?,?), ref: 00CDA404
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,RegOpenKeyTransactedW), ref: 00CDA414
                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000,?,?), ref: 00CDA45D
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AddressCloseHandleModuleProc
                                                                                                                                                                                • String ID: Advapi32.dll$D;$RegOpenKeyTransactedW
                                                                                                                                                                                • API String ID: 4190037839-2426696338
                                                                                                                                                                                • Opcode ID: c374c9b409e7d18e740f8082603b7622d37c3066c5ce70a507613034e456cfc6
                                                                                                                                                                                • Instruction ID: feec26a3518754b8227015ca34695fd271ccbf3f8890044c36c91cf509d49dd1
                                                                                                                                                                                • Opcode Fuzzy Hash: c374c9b409e7d18e740f8082603b7622d37c3066c5ce70a507613034e456cfc6
                                                                                                                                                                                • Instruction Fuzzy Hash: 07A158B0D00308DFDB14CFA8C959B9EBBF5BF48300F14855AE515AB391DB74AA04CBA1
                                                                                                                                                                                Function 00BC96A0 Relevance: 12.5, APIs: 2, Strings: 5, Instructions: 230COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • __Init_thread_footer.LIBCMT ref: 00BC9785
                                                                                                                                                                                • __Init_thread_footer.LIBCMT ref: 00BC97D0
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Init_thread_footer
                                                                                                                                                                                • String ID: </a>$<a href="$<a>$h$h
                                                                                                                                                                                • API String ID: 1385522511-3989131236
                                                                                                                                                                                • Opcode ID: fc5fc3e3ddaf2cf40415d58a26b749a182235b30a165189d4c635bc9be717a42
                                                                                                                                                                                • Instruction ID: f9531bc066661dbfc75c89f467fcaf3742a7c1b43c90f0a79b76c60e43171ece
                                                                                                                                                                                • Opcode Fuzzy Hash: fc5fc3e3ddaf2cf40415d58a26b749a182235b30a165189d4c635bc9be717a42
                                                                                                                                                                                • Instruction Fuzzy Hash: 58916B70A00704EFDB14DF68D859BADB7F1FB49314F10429DE425AB2D1EB70A945CBA0
                                                                                                                                                                                Function 00BD9050 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 151threadCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • SetLastError.KERNEL32(0000000E,E252F71D,?,?,00000000,?), ref: 00BD908E
                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 00BD90CF
                                                                                                                                                                                • EnterCriticalSection.KERNEL32(00EAE7BC), ref: 00BD90EF
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(00EAE7BC), ref: 00BD9113
                                                                                                                                                                                  • Part of subcall function 00D8FA13: GetProcessHeap.KERNEL32(00000008,00000008,?,00BD72C7,?,?,00BD7074,?), ref: 00D8FA18
                                                                                                                                                                                  • Part of subcall function 00D8FA13: HeapAlloc.KERNEL32(00000000,?,?,00BD7074,?), ref: 00D8FA1F
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalHeapSection$AllocCurrentEnterErrorLastLeaveProcessThread
                                                                                                                                                                                • String ID: v$AXWIN UI Window$K
                                                                                                                                                                                • API String ID: 2176831970-929514671
                                                                                                                                                                                • Opcode ID: 0c0ea2c1483cfc867909490e7df7c5fb9c2049502bc7e5aa299edf00fe150eb1
                                                                                                                                                                                • Instruction ID: a37ecd16027e2d7e9cc2dcdd0715369f0b156d7340ae5bb75d4d8638b1905451
                                                                                                                                                                                • Opcode Fuzzy Hash: 0c0ea2c1483cfc867909490e7df7c5fb9c2049502bc7e5aa299edf00fe150eb1
                                                                                                                                                                                • Instruction Fuzzy Hash: 7751A076A00315AFDB10CF59ED05B9ABBF4FB89714F10816AF914A7380E7B1A814CBA1
                                                                                                                                                                                Function 00BC26E0 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 135COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • InitializeCriticalSectionAndSpinCount.KERNEL32(00EA948C,00000000,E252F71D,00000000,00DF4033,000000FF,?,E252F71D), ref: 00BC2853
                                                                                                                                                                                • GetLastError.KERNEL32(?,E252F71D), ref: 00BC285D
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CountCriticalErrorInitializeLastSectionSpin
                                                                                                                                                                                • String ID: Y$DY$VolumeCostDifference$VolumeCostRequired$lY
                                                                                                                                                                                • API String ID: 439134102-1696443367
                                                                                                                                                                                • Opcode ID: 1b2c0ce5dae4fea3c2fecc365f63fa44bce831207ca45d11b1cd9963496337be
                                                                                                                                                                                • Instruction ID: c1f23cd9ba62d78299d2829e5fd3a7c1fc9985e1395be4ee4159b0f38fe9cc1f
                                                                                                                                                                                • Opcode Fuzzy Hash: 1b2c0ce5dae4fea3c2fecc365f63fa44bce831207ca45d11b1cd9963496337be
                                                                                                                                                                                • Instruction Fuzzy Hash: 0551C0B1900608DFDB00DF65D885BAEBBF4EB4D714F00426EE425B7391E775A908CBA1
                                                                                                                                                                                Function 00D8F8B1 Relevance: 12.1, APIs: 8, Instructions: 73memoryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,0000000D,00000000,?,00D8FA5B,00000000,?,?,00BD7074,?), ref: 00D8F8D5
                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,?,00BD7074,?), ref: 00D8F8DC
                                                                                                                                                                                  • Part of subcall function 00D8F9A7: IsProcessorFeaturePresent.KERNEL32(0000000C,00D8F8C3,00000000,?,00D8FA5B,00000000,?,?,00BD7074,?), ref: 00D8F9A9
                                                                                                                                                                                • InterlockedPopEntrySList.KERNEL32(00000000,00000000,?,00D8FA5B,00000000,?,?,00BD7074,?), ref: 00D8F8EC
                                                                                                                                                                                • VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,?,?,00BD7074,?), ref: 00D8F913
                                                                                                                                                                                • RaiseException.KERNEL32(C0000017,00000000,00000000,00000000,?,?,00BD7074,?), ref: 00D8F927
                                                                                                                                                                                • InterlockedPopEntrySList.KERNEL32(00000000,?,?,00BD7074,?), ref: 00D8F93A
                                                                                                                                                                                • VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,00BD7074,?), ref: 00D8F94D
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AllocEntryHeapInterlockedListVirtual$ExceptionFeatureFreePresentProcessProcessorRaise
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2460949444-0
                                                                                                                                                                                • Opcode ID: 7d1b08528ee76a000dc73a6306f56aacc296c572e9a4ed9025e7d9a66b4afa54
                                                                                                                                                                                • Instruction ID: 4143f1157423a31a43a5da648af366fa1eedb95b583bbee2a25f6f1103a55437
                                                                                                                                                                                • Opcode Fuzzy Hash: 7d1b08528ee76a000dc73a6306f56aacc296c572e9a4ed9025e7d9a66b4afa54
                                                                                                                                                                                • Instruction Fuzzy Hash: BB11B2B1601A11BFE7227B79AD48FBE7659EB49784F154431FA81F6160DA70DC088BB0
                                                                                                                                                                                Function 00C8E520 Relevance: 10.8, APIs: 2, Strings: 4, Instructions: 342COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • __Init_thread_footer.LIBCMT ref: 00C8E7C5
                                                                                                                                                                                • __Init_thread_footer.LIBCMT ref: 00C8E891
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Init_thread_footer
                                                                                                                                                                                • String ID: AI_FRAME_NO_CAPTION_$Dialog$Xu$`Dialog` = '
                                                                                                                                                                                • API String ID: 1385522511-2773411972
                                                                                                                                                                                • Opcode ID: d33321194d085e64099cdd5e0ccc9af5817fd20d78a0b38ed95a93f5674e7dec
                                                                                                                                                                                • Instruction ID: 607fb58233bb8fe8044bec1a2de72045e2ab6f1c53816d2da1030dc51806498a
                                                                                                                                                                                • Opcode Fuzzy Hash: d33321194d085e64099cdd5e0ccc9af5817fd20d78a0b38ed95a93f5674e7dec
                                                                                                                                                                                • Instruction Fuzzy Hash: 4BD1CD71A00204DFCB14DF68DD85B9EBBB1EF89314F248269E815BB391D770BA09CB91
                                                                                                                                                                                Function 00BDD310 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 285registryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • CreateEventW.KERNEL32(00000000,00000000,00000000,Caphyon.AI.ExtUI.IEClickSoundRemover,E252F71D), ref: 00BDD3B1
                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00BDD3DA
                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,00E2329C,00000000,00E2329C,00000000,?,80000001,00000001,00000000,AppEvents\Schemes\Apps\Explorer\Navigating\.Current,00000033), ref: 00BDD64E
                                                                                                                                                                                • CloseHandle.KERNEL32(?,E252F71D,?,?,00000000,00DBC7CD,000000FF,?,00E2329C,00000000,00E2329C,00000000,?,80000001,00000001,00000000), ref: 00BDD6DE
                                                                                                                                                                                Strings
                                                                                                                                                                                • AppEvents\Schemes\Apps\Explorer\Navigating\.Current, xrefs: 00BDD412
                                                                                                                                                                                • Caphyon.AI.ExtUI.IEClickSoundRemover, xrefs: 00BDD3A6
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Close$CreateErrorEventHandleLast
                                                                                                                                                                                • String ID: AppEvents\Schemes\Apps\Explorer\Navigating\.Current$Caphyon.AI.ExtUI.IEClickSoundRemover
                                                                                                                                                                                • API String ID: 1253123496-2079760225
                                                                                                                                                                                • Opcode ID: 43c27b2077b0fe2b41d6cf13eaa4d2f5dee50b45588a06b86fc68de5d96d59d0
                                                                                                                                                                                • Instruction ID: 0ecdb4cbebd1adc15c75c14bd9eafb1149106f6f3cd96297a33bcaecb26f6f14
                                                                                                                                                                                • Opcode Fuzzy Hash: 43c27b2077b0fe2b41d6cf13eaa4d2f5dee50b45588a06b86fc68de5d96d59d0
                                                                                                                                                                                • Instruction Fuzzy Hash: 10C19D70D00248DFDB14CF68C945BAEFBF5EF55304F24829DE459A7281EB74AA48CBA1
                                                                                                                                                                                Function 00BDB490 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 269COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • EnterCriticalSection.KERNEL32(00EA946C,E252F71D,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00DBC0C5), ref: 00BDB4FA
                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(0000FFFF,00000104,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00DBC0C5), ref: 00BDB57A
                                                                                                                                                                                • EnterCriticalSection.KERNEL32(00EA9488,?,?,?,?,?,?,?,?,?,?,?,00000000,00DBC0C5,000000FF), ref: 00BDB733
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(00EA9488,?,?,?,?,?,?,?,?,?,?,00000000,00DBC0C5,000000FF), ref: 00BDB754
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalSection$Enter$FileLeaveModuleName
                                                                                                                                                                                • String ID: v
                                                                                                                                                                                • API String ID: 1807155316-3261393531
                                                                                                                                                                                • Opcode ID: 502dab6f4a56fa22a3a8ad14e9ef7c75585372a9aeba1e60e1946155e4203b52
                                                                                                                                                                                • Instruction ID: ddbb9e212c3a1f4ce230484ecbc6fed20f1782eaa339c7a3f4483ff3ae57f150
                                                                                                                                                                                • Opcode Fuzzy Hash: 502dab6f4a56fa22a3a8ad14e9ef7c75585372a9aeba1e60e1946155e4203b52
                                                                                                                                                                                • Instruction Fuzzy Hash: FBB15C71900249DFDB11CFA5D888BAEFBF4EB49314F15809AE405AB391DB75AD48CB60
                                                                                                                                                                                Function 00BD0720 Relevance: 10.7, APIs: 7, Instructions: 204memoryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 00BD0814
                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 00BD0889
                                                                                                                                                                                • GetProcessHeap.KERNEL32(?,?), ref: 00BD08F9
                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,?), ref: 00BD08FF
                                                                                                                                                                                • GetProcessHeap.KERNEL32(?,00000000,?,00000000,00000000,00000000,E252F71D), ref: 00BD092C
                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,00000000,?,00000000,00000000,00000000,E252F71D), ref: 00BD0932
                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 00BD094A
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Free$Heap$String$Process
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2680101141-0
                                                                                                                                                                                • Opcode ID: cf34bc5de6c79a1ea25b8eca23f46fad95ca25b7e564560daffd06da555cca2e
                                                                                                                                                                                • Instruction ID: 4d778d4d950093bc2efff439ff64f5e12737d9dbc19a41f2d7516bcfbc560b9b
                                                                                                                                                                                • Opcode Fuzzy Hash: cf34bc5de6c79a1ea25b8eca23f46fad95ca25b7e564560daffd06da555cca2e
                                                                                                                                                                                • Instruction Fuzzy Hash: F6812B70D10219DBDF10EFA8C855BAEFBF4EF45314F1445AAE411AB381E7799A04CBA1
                                                                                                                                                                                Function 00CDC5D0 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 169fileCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • RemoveDirectoryW.KERNEL32(E252F71D,00000000,?,\\?\,00000004,?,00CDD053,?,E252F71D), ref: 00CDC673
                                                                                                                                                                                  • Part of subcall function 00BCA140: FindResourceW.KERNEL32(00000000,?,00000006,?,?,?,00BC124B,http://,?,80004005,E252F71D,?,00DBA6EF,000000FF), ref: 00BCA163
                                                                                                                                                                                • RemoveDirectoryW.KERNEL32(?,E252F71D,?,00000000,?,00000000,00DF48ED,000000FF,?,00CDD053,?,E252F71D), ref: 00CDC6A2
                                                                                                                                                                                • GetLastError.KERNEL32(?,00CDD053,?,E252F71D), ref: 00CDC6B2
                                                                                                                                                                                • DeleteFileW.KERNEL32(E252F71D,00000000,?,\\?\,00000004,?,00000000,00DF48ED,000000FF,?,80004005,E252F71D,?,00000000,?,00000000), ref: 00CDC783
                                                                                                                                                                                • GetLastError.KERNEL32(?,00000000,00DF48ED,000000FF,?,80004005,E252F71D,?,00000000,?,00000000,00DF48ED,000000FF,?,00CDD053), ref: 00CDC7C2
                                                                                                                                                                                  • Part of subcall function 00BCAB90: GetProcessHeap.KERNEL32 ref: 00BCABE5
                                                                                                                                                                                  • Part of subcall function 00BCAB90: __Init_thread_footer.LIBCMT ref: 00BCAC17
                                                                                                                                                                                  • Part of subcall function 00BCAB90: __Init_thread_footer.LIBCMT ref: 00BCACA2
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DirectoryErrorInit_thread_footerLastRemove$DeleteFileFindHeapProcessResource
                                                                                                                                                                                • String ID: \\?\
                                                                                                                                                                                • API String ID: 34920479-4282027825
                                                                                                                                                                                • Opcode ID: 773d7cb9eecc66fb12c47989d3e068ddde645599c152e96871fe9c644364a35d
                                                                                                                                                                                • Instruction ID: 4d7f67cc15d0be4c252371dc05e65195dc70266ac0a39b845451be12079e094f
                                                                                                                                                                                • Opcode Fuzzy Hash: 773d7cb9eecc66fb12c47989d3e068ddde645599c152e96871fe9c644364a35d
                                                                                                                                                                                • Instruction Fuzzy Hash: 9651DF71A0061A9FDB10DF68C888BAAB7F4EF05320F15465AFA61E7390DB359E08DF51
                                                                                                                                                                                Function 00BD8AF0 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 157COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • EnterCriticalSection.KERNEL32(00EAE7BC,E252F71D,00000000,00EAE7D8), ref: 00BD8B63
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(00EAE7BC), ref: 00BD8BC8
                                                                                                                                                                                • LoadCursorW.USER32(00BC0000,?), ref: 00BD8C24
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(00EAE7BC), ref: 00BD8CBB
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalSection$Leave$CursorEnterLoad
                                                                                                                                                                                • String ID: v$ATL:%p
                                                                                                                                                                                • API String ID: 2080323225-109518622
                                                                                                                                                                                • Opcode ID: 1ecc4c9da46986cb09a60985e846f3e149cfe10d1d996a7751f9898df89d476c
                                                                                                                                                                                • Instruction ID: 7df7eb82be5be307baf5e2b503720f5e87a3f5bc781ba2fe4ade6e636dbb2993
                                                                                                                                                                                • Opcode Fuzzy Hash: 1ecc4c9da46986cb09a60985e846f3e149cfe10d1d996a7751f9898df89d476c
                                                                                                                                                                                • Instruction Fuzzy Hash: 29519B71904B48CFDB20CF69C9456AAFBF4FF19710F04465EE896A7790EB70B9848B60
                                                                                                                                                                                Function 00DA99E2 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,00DA9AEF,0000000D,00BCFEBC,00000001,00000000,0000000B,?,00DA9D59,00000021,FlsSetValue,00E1CE7C,00E1CE84,00000001), ref: 00DA9AA3
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FreeLibrary
                                                                                                                                                                                • String ID: api-ms-$ext-ms-
                                                                                                                                                                                • API String ID: 3664257935-537541572
                                                                                                                                                                                • Opcode ID: 6ae183106ecc225fc7688e78cc294d124dfe4731ec971dd8e12765c0bb0ae693
                                                                                                                                                                                • Instruction ID: ce25277ef6404899fe27ebbd7158f54e9bc5ed488903f11c4ee1a825dc8d7643
                                                                                                                                                                                • Opcode Fuzzy Hash: 6ae183106ecc225fc7688e78cc294d124dfe4731ec971dd8e12765c0bb0ae693
                                                                                                                                                                                • Instruction Fuzzy Hash: D021E732A01215AFD7219B65DD61A9BB759EB477B0F394212F906F7290DB30EE04C6F0
                                                                                                                                                                                Function 00BFD180 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 73COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetCurrentProcess.KERNEL32 ref: 00BFD1C7
                                                                                                                                                                                • OpenProcessToken.ADVAPI32(00000000,00000028,00000000), ref: 00BFD1D4
                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00BFD212
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00BFD249
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Process$CloseCurrentErrorHandleLastOpenToken
                                                                                                                                                                                • String ID: <3$SeShutdownPrivilege
                                                                                                                                                                                • API String ID: 2767541406-3515964877
                                                                                                                                                                                • Opcode ID: 30d0ebc75a6828959d0c7181a79e2619d445ce242880acb77737b3caebaf2c6d
                                                                                                                                                                                • Instruction ID: f798230d33abbfda1bd82ee76fb709a3842dc3addfe1657aa1cb3b515e06095a
                                                                                                                                                                                • Opcode Fuzzy Hash: 30d0ebc75a6828959d0c7181a79e2619d445ce242880acb77737b3caebaf2c6d
                                                                                                                                                                                • Instruction Fuzzy Hash: 19217C71A442089FEB10DFA1DD49BEEBBF8FB09714F104159E511B72D0DB75A908CB64
                                                                                                                                                                                Function 00BD7BC0 Relevance: 9.2, APIs: 4, Strings: 1, Instructions: 460stringCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • lstrcmpW.KERNEL32(?,#32770), ref: 00BD7CC1
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: lstrcmp
                                                                                                                                                                                • String ID: #32770
                                                                                                                                                                                • API String ID: 1534048567-463685578
                                                                                                                                                                                • Opcode ID: f8c9f5a139a6a7bdd61ae41ca9395f793c2692868edb9eb1ea22afbbdc833a7e
                                                                                                                                                                                • Instruction ID: 03f938193e83435861ad74a648ac855940c95c13ed9492195f2d92575a8a8603
                                                                                                                                                                                • Opcode Fuzzy Hash: f8c9f5a139a6a7bdd61ae41ca9395f793c2692868edb9eb1ea22afbbdc833a7e
                                                                                                                                                                                • Instruction Fuzzy Hash: E9028D71A04208EFDB14CFA4C948BEEBBF5EF49314F14819AF405AB390EB75A944CB60
                                                                                                                                                                                Function 00BFDC20 Relevance: 9.1, APIs: 6, Instructions: 140COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 00BFDC5D
                                                                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 00BFDC7F
                                                                                                                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 00BFDCA7
                                                                                                                                                                                • __Getcoll.LIBCPMT ref: 00BFDD71
                                                                                                                                                                                • std::_Facet_Register.LIBCPMT ref: 00BFDDB6
                                                                                                                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 00BFDDEE
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetcollRegister
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1184649410-0
                                                                                                                                                                                • Opcode ID: c391bfd4525a6f23563b7a4e028d413a439d236dc4e48003dea394e40a605919
                                                                                                                                                                                • Instruction ID: 6d28a2dc77f83366b729394b874cfc64ab76d9a20c1faea5b9159e26748ab031
                                                                                                                                                                                • Opcode Fuzzy Hash: c391bfd4525a6f23563b7a4e028d413a439d236dc4e48003dea394e40a605919
                                                                                                                                                                                • Instruction Fuzzy Hash: 41519FB1D00248EFDB01DF98D981BADFBF5FF54310F244199E805AB291DB74AA09CBA1
                                                                                                                                                                                Function 00D91AE3 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetLastError.KERNEL32(?,?,00D91ADA,00D91AA6,?,?,00BFB0CD,00CDB340,?,00000008), ref: 00D91AF1
                                                                                                                                                                                • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00D91AFF
                                                                                                                                                                                • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00D91B18
                                                                                                                                                                                • SetLastError.KERNEL32(00000000,00D91ADA,00D91AA6,?,?,00BFB0CD,00CDB340,?,00000008), ref: 00D91B6A
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3852720340-0
                                                                                                                                                                                • Opcode ID: c99f3b4ef2fe71e65f795e949e1f86c4704289e535c1d2b82e55d492e3e0aa89
                                                                                                                                                                                • Instruction ID: 232aaa9a1b0d5e83f81dd74d31bf9cc61d93f983ffb019c8a8c74a2fc077d7e6
                                                                                                                                                                                • Opcode Fuzzy Hash: c99f3b4ef2fe71e65f795e949e1f86c4704289e535c1d2b82e55d492e3e0aa89
                                                                                                                                                                                • Instruction Fuzzy Hash: BE01473A20A3171EAF242BB6BCC59663749EB577787240329F620630E1FF515C096170
                                                                                                                                                                                Function 00BCF046 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 150libraryloaderCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadLibraryW.KERNEL32(?,?,?,?,?,.dll,?,00000000), ref: 00BCF08B
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,DllGetActivationFactory), ref: 00BCF0D4
                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,00000000,DllGetActivationFactory,00000002,00000000,?,?,?,?,?,.dll,?,00000000), ref: 00BCF122
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                • String ID: .dll$DllGetActivationFactory
                                                                                                                                                                                • API String ID: 145871493-1250754257
                                                                                                                                                                                • Opcode ID: fe5c227b8e0d1a3c588dc87accfe9a17ea3754f3e619013fbc76b00a95c42d8c
                                                                                                                                                                                • Instruction ID: 7979a9c2fd7e5d8b337645158a2c19a40edb68c58456594df6d765b2a03d03ae
                                                                                                                                                                                • Opcode Fuzzy Hash: fe5c227b8e0d1a3c588dc87accfe9a17ea3754f3e619013fbc76b00a95c42d8c
                                                                                                                                                                                • Instruction Fuzzy Hash: 6B514630D1020ADEDF15DFA8C895BEDBBF2EF58700F2481AEE411A7291DB745A49CB61
                                                                                                                                                                                Function 00CC8330 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 96registrylibraryloaderCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetModuleHandleW.KERNEL32(Advapi32.dll,E252F71D,E252F71D,?,?,?,?,00DB83F0,000000FF), ref: 00CC8373
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,RegCreateKeyTransactedW), ref: 00CC839C
                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000,?,?,?,?,00DB83F0,000000FF), ref: 00CC83FC
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AddressCloseHandleModuleProc
                                                                                                                                                                                • String ID: Advapi32.dll$RegCreateKeyTransactedW
                                                                                                                                                                                • API String ID: 4190037839-2994018265
                                                                                                                                                                                • Opcode ID: 8ec14845d59ca9685b5bb03be772faef3f45a0b1a640a0d5059769d88ef0c9c1
                                                                                                                                                                                • Instruction ID: cfc13d3926863c31b780b07ccf87e8ad452afe6a4c75eb486c22440af99c8d2b
                                                                                                                                                                                • Opcode Fuzzy Hash: 8ec14845d59ca9685b5bb03be772faef3f45a0b1a640a0d5059769d88ef0c9c1
                                                                                                                                                                                • Instruction Fuzzy Hash: 6231A472644205EFEB14CF45DC45FABBBA8FB08B10F14812AF915E7290EB71A914C764
                                                                                                                                                                                Function 00D9B5F9 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,E252F71D,00000001,?,00000000,00E15D89,000000FF,?,00D9B589,?,?,00D9B55D,00000016), ref: 00D9B62E
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00D9B640
                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,00000000,00E15D89,000000FF,?,00D9B589,?,?,00D9B55D,00000016), ref: 00D9B662
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                • API String ID: 4061214504-1276376045
                                                                                                                                                                                • Opcode ID: a2d7c9d5af039a1c33e7fcc9c01e7a2e0662d6c7a0d54094207e9b6a6efaa203
                                                                                                                                                                                • Instruction ID: d6a862a83422faf9296aaa8ad529acf98dc3cf59a099d27ae3710a9287eb4c87
                                                                                                                                                                                • Opcode Fuzzy Hash: a2d7c9d5af039a1c33e7fcc9c01e7a2e0662d6c7a0d54094207e9b6a6efaa203
                                                                                                                                                                                • Instruction Fuzzy Hash: 2B01A731940619EFDB018F51DD09BEEB7B8FB48721F044626E811B22E0DBB49944CB94
                                                                                                                                                                                Function 00D903FA Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 25COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • SleepConditionVariableCS.KERNELBASE(?,00D90397,00000064), ref: 00D9041D
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(00EA7DCC,?,?,00D90397,00000064,?,?,?,00BCAC36,00EA89FC,E252F71D,?,?,00DB84ED,000000FF), ref: 00D90427
                                                                                                                                                                                • WaitForSingleObjectEx.KERNEL32(?,00000000,?,00D90397,00000064,?,?,?,00BCAC36,00EA89FC,E252F71D,?,?,00DB84ED,000000FF), ref: 00D90438
                                                                                                                                                                                • EnterCriticalSection.KERNEL32(00EA7DCC,?,00D90397,00000064,?,?,?,00BCAC36,00EA89FC,E252F71D,?,?,00DB84ED,000000FF,?,00BC1177), ref: 00D9043F
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
                                                                                                                                                                                • String ID: v
                                                                                                                                                                                • API String ID: 3269011525-3261393531
                                                                                                                                                                                • Opcode ID: 497c16de4f735e54c39d9c29a25e3ccf613fd30f9a133fc15ad6e0d1b8324d8a
                                                                                                                                                                                • Instruction ID: 39f4df9d215d08a14d4adf18c3888ba945a8523a35533f330367dca292bab4e0
                                                                                                                                                                                • Opcode Fuzzy Hash: 497c16de4f735e54c39d9c29a25e3ccf613fd30f9a133fc15ad6e0d1b8324d8a
                                                                                                                                                                                • Instruction Fuzzy Hash: 5EE09232644628AFCF026FA2ED089E93E28DF0F751B004010F64D76170CA7129089BE5
                                                                                                                                                                                Function 00CD6B50 Relevance: 7.6, APIs: 5, Instructions: 122COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 00CD6B84
                                                                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 00CD6BA6
                                                                                                                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 00CD6BCE
                                                                                                                                                                                • std::_Facet_Register.LIBCPMT ref: 00CD6CB7
                                                                                                                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 00CD6CE1
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 459529453-0
                                                                                                                                                                                • Opcode ID: cb46ef8ab75e6b3f7e5a66feae3cf4433070f540ac09400184b139734faf80da
                                                                                                                                                                                • Instruction ID: 2af3554c79c2d0e729a5470602e5671afb5cfc0e0b747d29c68781c51b7833b3
                                                                                                                                                                                • Opcode Fuzzy Hash: cb46ef8ab75e6b3f7e5a66feae3cf4433070f540ac09400184b139734faf80da
                                                                                                                                                                                • Instruction Fuzzy Hash: 0251E0B0900218DFDB21DF58C884BAEBBB0EB55314F24815EE991AB3C1D775AE45CBA0
                                                                                                                                                                                Function 00BD0240 Relevance: 7.6, APIs: 5, Instructions: 60memorywindowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00BD028A
                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 00BD0290
                                                                                                                                                                                • FormatMessageW.KERNEL32(00001300,00000000,?,00000400,00000000,00000000,00000000), ref: 00BD02B3
                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,00DB9B16,000000FF), ref: 00BD02DB
                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000,00000000,?,?,?,00DB9B16,000000FF), ref: 00BD02E1
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Heap$FreeProcess$FormatMessage
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1606019998-0
                                                                                                                                                                                • Opcode ID: 45a52997936fb8c061ec28a04c0e141819d35f7f65686bfa68918bef1cee57a0
                                                                                                                                                                                • Instruction ID: f19c99092d7ef1af99c3ffcef26e21a539e64653b03ddb9e45d9875bdd3a3827
                                                                                                                                                                                • Opcode Fuzzy Hash: 45a52997936fb8c061ec28a04c0e141819d35f7f65686bfa68918bef1cee57a0
                                                                                                                                                                                • Instruction Fuzzy Hash: 9A1163B0A54219EBEB10EF94DC06FAFB7B8EB04704F10055AF514A72C1D7B5A6048BB1
                                                                                                                                                                                Function 00BE16F0 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 204COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • PathIsUNCW.SHLWAPI(*.*,?,?,?,E252F71D,?), ref: 00BE17D5
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Path
                                                                                                                                                                                • String ID: *.*$\\?\$\\?\UNC\
                                                                                                                                                                                • API String ID: 2875597873-1700010636
                                                                                                                                                                                • Opcode ID: 123736ba5a74e2d5b2c48bd85d8fc553531e45d2621357211d2f51c433c08722
                                                                                                                                                                                • Instruction ID: 6ab52b99287487b7be806748a2978285f2dfc581763ff3e15a7a5879a669e079
                                                                                                                                                                                • Opcode Fuzzy Hash: 123736ba5a74e2d5b2c48bd85d8fc553531e45d2621357211d2f51c433c08722
                                                                                                                                                                                • Instruction Fuzzy Hash: D971F271A006459BD710DF6EC848B6EF3FAFF54724F2486A8E415AB291DB769E00CB90
                                                                                                                                                                                Function 00D0F520 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 167COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00BCAB90: GetProcessHeap.KERNEL32 ref: 00BCABE5
                                                                                                                                                                                  • Part of subcall function 00BCAB90: __Init_thread_footer.LIBCMT ref: 00BCAC17
                                                                                                                                                                                  • Part of subcall function 00BCAB90: __Init_thread_footer.LIBCMT ref: 00BCACA2
                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00DFB9DF,000000FF), ref: 00D0F6A3
                                                                                                                                                                                • DeleteCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00DFB9DF,000000FF), ref: 00D0F731
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Init_thread_footer$CloseCriticalDeleteHandleHeapProcessSection
                                                                                                                                                                                • String ID: << Advanced Installer (x86) Log >>$<3
                                                                                                                                                                                • API String ID: 3699736680-3345534290
                                                                                                                                                                                • Opcode ID: efae75bafbc888ce095c6d229016efa598b5792f39ecd0474aaf894f1b91598f
                                                                                                                                                                                • Instruction ID: e7c63b135000d0d69ac4a8867b550aa175105a03d6c98679fa2542106413ee18
                                                                                                                                                                                • Opcode Fuzzy Hash: efae75bafbc888ce095c6d229016efa598b5792f39ecd0474aaf894f1b91598f
                                                                                                                                                                                • Instruction Fuzzy Hash: 3761F370900646DFD700CF69C988B4AFBF4FF4A714F1482ACD414AB792DB75AA09CB91
                                                                                                                                                                                Function 00D2F2E0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 143fileCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • CreateFileW.KERNEL32(00000000,40000000,00000001,00000000,00000002,00000080,00000000,E252F71D,?,6CEF37E0,?), ref: 00D2F342
                                                                                                                                                                                • WriteFile.KERNEL32(00000000,?,0000C800,0000C800,00000000,?,?,0000C800), ref: 00D2F3D8
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,0000C800), ref: 00D2F44C
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: File$CloseCreateHandleWrite
                                                                                                                                                                                • String ID: <3
                                                                                                                                                                                • API String ID: 1065093856-878583566
                                                                                                                                                                                • Opcode ID: 35f8292bb5623a0ae09e08c044fc1180d3dc96699220c09734b49489ee5df287
                                                                                                                                                                                • Instruction ID: 6afed1dd7de27f0d422bb6c4e983a75ad3717d76de2dc0d52bdc6fb4f64feda7
                                                                                                                                                                                • Opcode Fuzzy Hash: 35f8292bb5623a0ae09e08c044fc1180d3dc96699220c09734b49489ee5df287
                                                                                                                                                                                • Instruction Fuzzy Hash: ED514AB1A00218AFDF00DFA9ED45BEEBBB8FF58714F248169E510B7290D7755A048B64
                                                                                                                                                                                Function 00BD0610 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 78libraryloaderCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadLibraryW.KERNEL32(combase.dll,RoOriginateLanguageException,?,?,?,?,000000FF), ref: 00BD0652
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,combase.dll), ref: 00BD0658
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AddressLibraryLoadProc
                                                                                                                                                                                • String ID: RoOriginateLanguageException$combase.dll
                                                                                                                                                                                • API String ID: 2574300362-3996158991
                                                                                                                                                                                • Opcode ID: 4432b0c190ef80a0860b2233a43f23a8ed37692bf66c3c2e982eceec3d073db7
                                                                                                                                                                                • Instruction ID: 2a994f37459f3364a85356448ab6c17ffd78fc8b4dc9f65f1e9640f73c17c2df
                                                                                                                                                                                • Opcode Fuzzy Hash: 4432b0c190ef80a0860b2233a43f23a8ed37692bf66c3c2e982eceec3d073db7
                                                                                                                                                                                • Instruction Fuzzy Hash: 24313071914209DFDB10EF64DD45BEEB7F4FB44314F10866AE825A72D0EBB49A04CBA1
                                                                                                                                                                                Function 00BD8CF0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 55threadCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • EnterCriticalSection.KERNEL32(00EAE7BC), ref: 00BD8D2C
                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 00BD8D40
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(00EAE7BC), ref: 00BD8D7F
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalSection$CurrentEnterLeaveThread
                                                                                                                                                                                • String ID: v
                                                                                                                                                                                • API String ID: 2351996187-3261393531
                                                                                                                                                                                • Opcode ID: ac43d5e5581de3e6022d35c9e3e703785a8125b403f108b1489898c1a1aeb375
                                                                                                                                                                                • Instruction ID: 25e0d6388ebf6fa91a5f92eafd53b97804b84c76a2d01d963f0e38e0eaf40d4f
                                                                                                                                                                                • Opcode Fuzzy Hash: ac43d5e5581de3e6022d35c9e3e703785a8125b403f108b1489898c1a1aeb375
                                                                                                                                                                                • Instruction Fuzzy Hash: EE11E631904718CFCB20CF15C80475AFBE5EB59B11F1082AFE862A73D0EB7068048B90
                                                                                                                                                                                Function 00D8DAC5 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 50threadCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Cnd_broadcastCurrentMtx_unlockThread
                                                                                                                                                                                • String ID: x
                                                                                                                                                                                • API String ID: 2021000804-2985756205
                                                                                                                                                                                • Opcode ID: 27102765cae123c3cbb0a351574a9748145c65026755c81692eab1ad7865a86f
                                                                                                                                                                                • Instruction ID: 9c549b5c5e7ea73ced1807660b68fb53e7ec75efc3f57ec1ff1e2d715a3d0eaf
                                                                                                                                                                                • Opcode Fuzzy Hash: 27102765cae123c3cbb0a351574a9748145c65026755c81692eab1ad7865a86f
                                                                                                                                                                                • Instruction Fuzzy Hash: DC01BC356007029FDB29BF65C851AAAB3BAEF50361F250439E55AAB2C0D771FC00DBB0
                                                                                                                                                                                Function 00D94C0C Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadLibraryExW.KERNEL32(?,00000000,00000800,?,00D94BBD,?,?,00000000,?,?,?,00D94CE7,00000002,FlsGetValue,00E19F08,FlsGetValue), ref: 00D94C19
                                                                                                                                                                                • GetLastError.KERNEL32(?,00D94BBD,?,?,00000000,?,?,?,00D94CE7,00000002,FlsGetValue,00E19F08,FlsGetValue,?,?,00D91B04), ref: 00D94C23
                                                                                                                                                                                • LoadLibraryExW.KERNEL32(?,00000000,00000000), ref: 00D94C4B
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                • String ID: api-ms-
                                                                                                                                                                                • API String ID: 3177248105-2084034818
                                                                                                                                                                                • Opcode ID: 5b64f78dc3b4cef536886eca9088211a3c1ad87cef70ed52811cfe184ce1406e
                                                                                                                                                                                • Instruction ID: 38c312a2e152f5d62f8147d612136fc4f3a63037c0e6e0d69c4b9c82766d8728
                                                                                                                                                                                • Opcode Fuzzy Hash: 5b64f78dc3b4cef536886eca9088211a3c1ad87cef70ed52811cfe184ce1406e
                                                                                                                                                                                • Instruction Fuzzy Hash: 4CE04830244308BFFF101F91ED06FDD3B55AB00B95F148020FA1CB40F5EB71A9599655
                                                                                                                                                                                Function 00BD5390 Relevance: 6.3, APIs: 4, Instructions: 269memoryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • SysAllocStringLen.OLEAUT32(00000000,?), ref: 00BD545A
                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 00BD54A6
                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 00BD54C8
                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 00BD5623
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: String$Free$Alloc
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 986138563-0
                                                                                                                                                                                • Opcode ID: 81c78d87db819dc5c5c786a9092cdadd09e7bca99f7672c75bdedbbdf48e7732
                                                                                                                                                                                • Instruction ID: 6e4c6471fa2317cd32a0d106819de939278448fa3da34b9ec1f5c7cfd12e9f96
                                                                                                                                                                                • Opcode Fuzzy Hash: 81c78d87db819dc5c5c786a9092cdadd09e7bca99f7672c75bdedbbdf48e7732
                                                                                                                                                                                • Instruction Fuzzy Hash: ACA18071A0060AEFDB25DF98CC85BAEB7F8EF44714F10415AE515E7380E774AA05CB61
                                                                                                                                                                                Function 00BE34C0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 113COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • InitializeCriticalSection.KERNEL32(E252F71D,E252F71D,?), ref: 00BE34FF
                                                                                                                                                                                • EnterCriticalSection.KERNEL32(?,E252F71D,?), ref: 00BE350C
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?,?,00000000,?), ref: 00BE35E3
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalSection$EnterInitializeLeave
                                                                                                                                                                                • String ID: v
                                                                                                                                                                                • API String ID: 3991485460-3261393531
                                                                                                                                                                                • Opcode ID: d7db56d4767a676b1f23b034ff448479363dd80a817842d9eec0eb950dcc9538
                                                                                                                                                                                • Instruction ID: efcc14d669b7341f7fe337cb1a966537ed2a07d5f850cc133de9b597344d1afe
                                                                                                                                                                                • Opcode Fuzzy Hash: d7db56d4767a676b1f23b034ff448479363dd80a817842d9eec0eb950dcc9538
                                                                                                                                                                                • Instruction Fuzzy Hash: 6E4115302047858FDB21CF39C844BAABBF1EF59710F1045A9E996D7391CB31EA19DBA0
                                                                                                                                                                                Function 00BE32F0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 74COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • InitializeCriticalSection.KERNEL32(?,E252F71D), ref: 00BE335A
                                                                                                                                                                                • EnterCriticalSection.KERNEL32(?,E252F71D), ref: 00BE3367
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 00BE33B8
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalSection$EnterInitializeLeave
                                                                                                                                                                                • String ID: v
                                                                                                                                                                                • API String ID: 3991485460-3261393531
                                                                                                                                                                                • Opcode ID: 5f5e1d96c9317d4720f555207e9bf64c0749f3802d97d8b0d67cf6a5edac1a04
                                                                                                                                                                                • Instruction ID: de7f95ba534fbc9f8c0a091edbba1b38df6db1a75e445275078821481ee52bb2
                                                                                                                                                                                • Opcode Fuzzy Hash: 5f5e1d96c9317d4720f555207e9bf64c0749f3802d97d8b0d67cf6a5edac1a04
                                                                                                                                                                                • Instruction Fuzzy Hash: C521D3729002849FDF11CF65CC44BD9BBB4FB5A724F1441A9DC59AB382DB315A09CBA0
                                                                                                                                                                                Function 00BE33E0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 71COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • InitializeCriticalSection.KERNEL32(?,E252F71D), ref: 00BE344A
                                                                                                                                                                                • EnterCriticalSection.KERNEL32(?,E252F71D), ref: 00BE3457
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 00BE349E
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalSection$EnterInitializeLeave
                                                                                                                                                                                • String ID: v
                                                                                                                                                                                • API String ID: 3991485460-3261393531
                                                                                                                                                                                • Opcode ID: 5bade5fae7ea3301938f2a18a81e987a6103d5e0ab9bc9567476bc465280e490
                                                                                                                                                                                • Instruction ID: c049db7810887dc30a152e3f75e4ac168f5688e8c76b965fcd5b4327cdd8b9d8
                                                                                                                                                                                • Opcode Fuzzy Hash: 5bade5fae7ea3301938f2a18a81e987a6103d5e0ab9bc9567476bc465280e490
                                                                                                                                                                                • Instruction Fuzzy Hash: 0B21AE729002449FDF11CF65CC44BA9BBB4FF1A724F1045A9EC55AB382D731AA09CBA0
                                                                                                                                                                                Function 00BE3230 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 61COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • InitializeCriticalSection.KERNEL32(?,E252F71D,?), ref: 00BE328D
                                                                                                                                                                                • EnterCriticalSection.KERNEL32(?,E252F71D,?), ref: 00BE329A
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 00BE32C2
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalSection$EnterInitializeLeave
                                                                                                                                                                                • String ID: v
                                                                                                                                                                                • API String ID: 3991485460-3261393531
                                                                                                                                                                                • Opcode ID: 1a016bd58c5d239c533a238d9b110eb513b87d954f32bf6a4ef85fe3a00b65bc
                                                                                                                                                                                • Instruction ID: ba61247b79dd2f72e454d0d9f56ae1277b147cfcad340fa8a6b0b765a926627a
                                                                                                                                                                                • Opcode Fuzzy Hash: 1a016bd58c5d239c533a238d9b110eb513b87d954f32bf6a4ef85fe3a00b65bc
                                                                                                                                                                                • Instruction Fuzzy Hash: C0210676904388DFDF01CF64D844BE9BBB4EF56724F2041A9D855A7381D7325A09CBA0
                                                                                                                                                                                Function 00BCBDF0 Relevance: 5.7, APIs: 2, Strings: 1, Instructions: 455synchronizationCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • CreateEventExW.KERNEL32(00000000,00000000,00000001,001F0003,?,?,?,E252F71D), ref: 00BCC318
                                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00BCC36E
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CreateEventObjectSingleWait
                                                                                                                                                                                • String ID: <3
                                                                                                                                                                                • API String ID: 2678385144-878583566
                                                                                                                                                                                • Opcode ID: 996ef904cf9a2bd5c8e2a0cb51c29aefa17095be0cf47088b03ba9461cd71d21
                                                                                                                                                                                • Instruction ID: cd4e62d18f92f5f06332dea0b53e0282c1caf5cf88ba5f2971e463c82602d1e5
                                                                                                                                                                                • Opcode Fuzzy Hash: 996ef904cf9a2bd5c8e2a0cb51c29aefa17095be0cf47088b03ba9461cd71d21
                                                                                                                                                                                • Instruction Fuzzy Hash: 6B229C70801288DEEF05DFA8C948BDD7FF4AF21308F14819DE8556B292DBB99B48DB51
                                                                                                                                                                                Function 00BD7310 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 194COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: :${
                                                                                                                                                                                • API String ID: 0-3766677574
                                                                                                                                                                                • Opcode ID: fdec1e989a7edfe63921e0efe1519f8cfe9ef21c452f6618c65239a9ef7b8b4e
                                                                                                                                                                                • Instruction ID: 031e556c143b5a2f8f5f6cc14665688c7544d601f0744f9dc32cd3a84067c63a
                                                                                                                                                                                • Opcode Fuzzy Hash: fdec1e989a7edfe63921e0efe1519f8cfe9ef21c452f6618c65239a9ef7b8b4e
                                                                                                                                                                                • Instruction Fuzzy Hash: E661A270A442159ACF248F689895BFEFBE4EB09724F14449AE802EB380FB75DC40CB65
                                                                                                                                                                                Function 00CCEAB0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 160COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • PathIsUNCW.SHLWAPI(?,E252F71D), ref: 00CCEB51
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Path
                                                                                                                                                                                • String ID: \\?\$\\?\UNC\
                                                                                                                                                                                • API String ID: 2875597873-3019864461
                                                                                                                                                                                • Opcode ID: 64c629d4db654eca5f3ac72d5d49957a9dcd654812f9a14cb4ae9ebe6951599e
                                                                                                                                                                                • Instruction ID: 1fecd3761f65d0270f9fdb70347f8ab168883153e9f573c43c2e7886118df9b2
                                                                                                                                                                                • Opcode Fuzzy Hash: 64c629d4db654eca5f3ac72d5d49957a9dcd654812f9a14cb4ae9ebe6951599e
                                                                                                                                                                                • Instruction Fuzzy Hash: 9E51FE70D006049BDB14CF68D895FAEB7F4FF86304F10861DE85267281EBB16A48CBE4
                                                                                                                                                                                Function 00D325A0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 151COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • OpenEventW.KERNEL32(00000000,00000000,E252F71D,_pbl_evt,00000008,?,?,00E3B488,00000001,E252F71D,00000000), ref: 00D3264E
                                                                                                                                                                                • CreateEventW.KERNEL32(00000000,00000001,00000001,?), ref: 00D3266B
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Event$CreateOpen
                                                                                                                                                                                • String ID: _pbl_evt
                                                                                                                                                                                • API String ID: 2335040897-4023232351
                                                                                                                                                                                • Opcode ID: ec6786f7819ef934af6c885a9c71b83c847670b66780c0921579545a5977c90b
                                                                                                                                                                                • Instruction ID: 9f68335839dfdb03e381b95b5b13b8d1a33601f61b7081ca3f2509d3e48604b5
                                                                                                                                                                                • Opcode Fuzzy Hash: ec6786f7819ef934af6c885a9c71b83c847670b66780c0921579545a5977c90b
                                                                                                                                                                                • Instruction Fuzzy Hash: 4F517171D10608DFDB10DF68DD46BAEB7B4EF18710F108269E915B72D0DB746A04CBA5
                                                                                                                                                                                Function 00DB167C Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 113COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00DA820D: HeapFree.KERNEL32(00000000,00000000,?,00DB1120,?,00000000,?,?,00DB13C1,?,00000007,?,?,00DB1813,?,?), ref: 00DA8223
                                                                                                                                                                                  • Part of subcall function 00DA820D: GetLastError.KERNEL32(?,?,00DB1120,?,00000000,?,?,00DB13C1,?,00000007,?,?,00DB1813,?,?), ref: 00DA822E
                                                                                                                                                                                • ___free_lconv_mon.LIBCMT ref: 00DB16C0
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                                • String ID: XB$p@
                                                                                                                                                                                • API String ID: 4068849827-310831944
                                                                                                                                                                                • Opcode ID: 4f8c65695ccbdd0fcda56fd79d5a49253642cc1fbe2cfcfa30c3723582f3bf1c
                                                                                                                                                                                • Instruction ID: 81f2af1183be6ec0d45a5249fab2441905b8e03f6551ae10a4ba1464c76dfa85
                                                                                                                                                                                • Opcode Fuzzy Hash: 4f8c65695ccbdd0fcda56fd79d5a49253642cc1fbe2cfcfa30c3723582f3bf1c
                                                                                                                                                                                • Instruction Fuzzy Hash: 9F318D35A00740DFEB20AA79D855FAA7BE8EF01310F684529E466D71A1DF31EC40DB74
                                                                                                                                                                                Function 00CE5040 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 110windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • FormatMessageW.KERNEL32(000013FF,00000000,?,00000000,00000000,00000000,00000000,E252F71D,00E3A804), ref: 00CE50AC
                                                                                                                                                                                • LocalFree.KERNEL32(00000000,00000000,-00000002), ref: 00CE51A3
                                                                                                                                                                                  • Part of subcall function 00CD49B0: std::locale::_Init.LIBCPMT ref: 00CD4A8D
                                                                                                                                                                                  • Part of subcall function 00CD2440: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00CD2515
                                                                                                                                                                                Strings
                                                                                                                                                                                • Failed to get Windows error message [win32 error 0x, xrefs: 00CE50CA
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FormatFreeInitIos_base_dtorLocalMessagestd::ios_base::_std::locale::_
                                                                                                                                                                                • String ID: Failed to get Windows error message [win32 error 0x
                                                                                                                                                                                • API String ID: 1983821583-3373098694
                                                                                                                                                                                • Opcode ID: 9a4bd9fb570a591a51ddf44226e526089051c47026d595d90e786c02fcac86f0
                                                                                                                                                                                • Instruction ID: 75102e179eb1becd80e745521e300256915c4d51d3d4b7b06b9fa407b85b85e2
                                                                                                                                                                                • Opcode Fuzzy Hash: 9a4bd9fb570a591a51ddf44226e526089051c47026d595d90e786c02fcac86f0
                                                                                                                                                                                • Instruction Fuzzy Hash: 0B41C370A007489FDB10DF59CD46BAEBBF8EF44314F208159E515A72D1EBB49B48CB92
                                                                                                                                                                                Function 00C05730 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 00C0575B
                                                                                                                                                                                • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00C057BE
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                                                                                                                                • String ID: bad locale name
                                                                                                                                                                                • API String ID: 3988782225-1405518554
                                                                                                                                                                                • Opcode ID: 5f9ef36c3d1c1685a739287a8e249c37f29133cd24d74fbafc614b1c1d645e0f
                                                                                                                                                                                • Instruction ID: eddded279f2ca2fdff4cce923fe56912234578c45f9b11e39a98157f50227547
                                                                                                                                                                                • Opcode Fuzzy Hash: 5f9ef36c3d1c1685a739287a8e249c37f29133cd24d74fbafc614b1c1d645e0f
                                                                                                                                                                                • Instruction Fuzzy Hash: 8821ED70A09B84DFD721CF68C904B4BBBE4AF15700F14869DE49597BC1D3B6EA04CBA1
                                                                                                                                                                                Function 00D8F694 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00BD9C30: InitializeCriticalSectionAndSpinCount.KERNEL32(00EA7D50,00000000,E252F71D,00BC0000,00DB7F70,000000FF,?,00D8F6C3,?,?,?,00BC7586), ref: 00BD9C55
                                                                                                                                                                                  • Part of subcall function 00BD9C30: GetLastError.KERNEL32(?,00D8F6C3,?,?,?,00BC7586), ref: 00BD9C5F
                                                                                                                                                                                • IsDebuggerPresent.KERNEL32(?,?,?,00BC7586), ref: 00D8F6C7
                                                                                                                                                                                • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00BC7586), ref: 00D8F6D6
                                                                                                                                                                                Strings
                                                                                                                                                                                • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00D8F6D1
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CountCriticalDebugDebuggerErrorInitializeLastOutputPresentSectionSpinString
                                                                                                                                                                                • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                • API String ID: 450123788-631824599
                                                                                                                                                                                • Opcode ID: 4f9d186fc1e47cb01c153ae236040e404c6957f73ef706cdc88568cfbed9c799
                                                                                                                                                                                • Instruction ID: b35be6335ba01b9c39fcdda89d873d03ba064f1ebeb6591323137d5e03801a46
                                                                                                                                                                                • Opcode Fuzzy Hash: 4f9d186fc1e47cb01c153ae236040e404c6957f73ef706cdc88568cfbed9c799
                                                                                                                                                                                • Instruction Fuzzy Hash: 0FE092712007418FD370BF25E915782BBE4AF14344F04896DE896D3751EBB5E488CB71
                                                                                                                                                                                Function 00D8FA13 Relevance: 5.0, APIs: 4, Instructions: 41memoryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,00000008,?,00BD72C7,?,?,00BD7074,?), ref: 00D8FA18
                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,?,00BD7074,?), ref: 00D8FA1F
                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,?,00BD7074,?), ref: 00D8FA65
                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,?,00BD7074,?), ref: 00D8FA6C
                                                                                                                                                                                  • Part of subcall function 00D8F8B1: GetProcessHeap.KERNEL32(00000008,0000000D,00000000,?,00D8FA5B,00000000,?,?,00BD7074,?), ref: 00D8F8D5
                                                                                                                                                                                  • Part of subcall function 00D8F8B1: HeapAlloc.KERNEL32(00000000,?,?,00BD7074,?), ref: 00D8F8DC
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000003.00000002.1929788935.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
                                                                                                                                                                                • Associated: 00000003.00000002.1929762414.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930059215.0000000000E18000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930156848.0000000000EA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930191947.0000000000EA6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930213200.0000000000EA7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000003.00000002.1930239914.0000000000EB1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_3_2_bc0000_PCPrivacyShieldSetup.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Heap$Process$Alloc$Free
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1864747095-0
                                                                                                                                                                                • Opcode ID: 2b73e3f31bed4ca894e6936b5260a970ba5e3052052d383bb656e87fcf08fd21
                                                                                                                                                                                • Instruction ID: c10db056bcac3968507a4dd9fe6e4b92407a3c107574fda75a911b037bb1085e
                                                                                                                                                                                • Opcode Fuzzy Hash: 2b73e3f31bed4ca894e6936b5260a970ba5e3052052d383bb656e87fcf08fd21
                                                                                                                                                                                • Instruction Fuzzy Hash: 7CF0E973744B119BE7293FB97D0C9AB296AAFC87B17068138F58AD7254DE70C8058770